The Department of Health and Human Services’ Office of Inspector General (OIG) revealed the discoveries of the audit of Maryland’s Medicaid system they carried out.
The audit was carried out in line with the HHS OIG’s endeavors to supervise states’ usage of different Federal programs and to figure out if proper security regulations were enforced to safeguard the Medicaid Management Information System (MMIS) as well as Medicaid (information.
The audit included interviews with staff members, an evaluation of supporting documents, and employment of vulnerability scanning software on system devices, servers, webpages, and databases that backed its MMIS.
The audit found various system security vulnerabilities which can likely be used by threat actors to acquire access to Medicaid data and disturb vital Medicaid operations. Jointly, and in several circumstances independently, the vulnerabilities were ‘important’ and may have jeopardized the dependability of the state’s Medicaid program.
Particulars of the flaws found by auditors weren’t shared openly, though OIG did point out that the flaws were found as a result of the failure to carry out enough controls over MMIS data and network systems. Though the vulnerabilities were critical, OIG failed to obtain any information to imply the vulnerabilities had already been exploited.
OIG has advised Maryland to carrry out a few enhancements to its Medicaid program to be sure its information systems and also Medicaid information are adequately protected to a standard that complies with Federal standards. Maryland agreed with all of the advice made by OIG and has put forward a plan which deals with all of the flaws which have not yet been solved.
The audit was one of many performed on a variety of states during the last few months and the discoveries were identical to the MMIS audits of other states. Though it is a problem that serious vulnerabilities really exist, the audits make certain that vulnerabilities are found and are dealt with well before they are taken advantage of by hackers, therefore helping to avert critical data breaches.