HHS OIG: Alabama failed to secure Medicaid data, IT systems

Alabama has not adequately secured its Medicaid data and information systems in accordance with federal requirements, according to an HHS Office of Inspector General report.

OIG reviewed Alabama's Medicaid Management Information System policies and procedures, interviewed staff and used vulnerability assessment scanning software to conduct its evaluation.

Although Alabama's MMIS adopted a security program, numerous significant vulnerabilities remained. Specifically, the state did not ensure HP, the state's Medicaid fiscal agent, implemented contract security requirements.

"Although we did not identify evidence that anyone had exploited these vulnerabilities, exploitation could have resulted in unauthorized access to and disclosure of Medicaid data, as well as the disruption of critical Medicaid operations," the report reads.

Alabama concurred with OIG's recommendations, but objected to the report's title, writing, "Alabama has always, and will continue to always, strive to secure its Medicare data and information systems."

More articles on cybersecurity:

Washington VA notifies patients of compromised PHI after laptop goes missing

SEC discloses system hack

Phishing attack at Morehead Memorial Hospital exposes PHI of 66k

Copyright © 2023 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars