Security holes in Maryland's Medicaid system put patient data at risk, OIG finds

Maryland did not adequately follow federal requirements to secure its Medicaid data and information systems, according to an HHS Office of Inspector General report.

The OIG conducted its report as part of an ongoing review of the computer systems that states use to administer HHS-funded programs, such as Medicaid. For the report, the OIG reviewed Maryland's policies and procedures for its Medicaid Management Information System, interviewed staff and conducted a vulnerability assessment of network devices, websites, servers and databases.

The OIG concluded that although Maryland had adopted a security program for its Medicaid Management Information System, there were "numerous significant system vulnerabilities."

"Although we did not identify evidence that anyone had exploited these vulnerabilities, exploitation could have resulted in unauthorized access to and disclosure of Medicaid data, as well as the disruption of critical Medicaid operations," the report reads.

The OIG recommended Maryland improve its security program for Medicaid data in accordance with federal requirements. Maryland concurred with the recommendations and has taken steps to implement them, according to the report.

To download the OIG's report, click here.

More articles on cybersecurity:
Most medical device cybersecurity issues attributed to user authentication, report finds
Flaw in medical devices might allow hackers to change patient vital signs, McAfee suggests
Healthcare cloud provider offers HITRUST-certified products for Amazon, Google, Microsoft clouds

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers