Maryland’s Medicaid System Audit Revealed Vulnerabilities

by

The Department of Health and Human Services’ Office of Inspector General (OIG) revealed the discoveries of the audit of Maryland’s Medicaid system they carried out.

The audit was carried out in line with the HHS OIG’s endeavors to supervise states’ usage of different Federal programs and to figure out if proper security regulations were enforced to safeguard the Medicaid Management Information System (MMIS) as well as Medicaid (information.

The audit included interviews with staff members, an evaluation of supporting documents, and employment of vulnerability scanning software on system devices, servers, webpages, and databases that backed its MMIS.

The audit found various system security vulnerabilities which can likely be used by threat actors to acquire access to Medicaid data and disturb vital Medicaid operations. Jointly, and in several circumstances independently, the vulnerabilities were ‘important’ and may have jeopardized the dependability of the state’s Medicaid program.

Particulars of the flaws found by auditors weren’t shared openly, though OIG did point out that the flaws were found as a result of the failure to carry out enough controls over MMIS data and network systems. Though the vulnerabilities were critical, OIG failed to obtain any information to imply the vulnerabilities had already been exploited.

OIG has advised Maryland to carrry out a few enhancements to its Medicaid program to be sure its information systems and also Medicaid information are adequately protected to a standard that complies with Federal standards. Maryland agreed with all of the advice made by OIG and has put forward a plan which deals with all of the flaws which have not yet been solved.

The audit was one of many performed on a variety of states during the last few months and the discoveries were identical to the MMIS audits of other states. Though it is a problem that serious vulnerabilities really exist, the audits make certain that vulnerabilities are found and are dealt with well before they are taken advantage of by hackers, therefore helping to avert critical data breaches.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]