The review assessed whether the state implemented appropriate security controls over the CSRA’s information system as they related to the North Carolina Medicaid program claims processing for fiscal year 2016. The federal agency determined the state did not ensure the contractor implemented adequate information security, as required by the federal government.
Although the audit did not identify any vulnerabilities had been exploited, it noted unauthorized access to and disclosure of information or disruption of operations is possible.
“In addition, without proper safeguards, systems are not protected from individuals and groups with malicious intent to obtain access in order to commit fraud or abuse or launch attacks against other computer systems and networks,” the audit reads.
More articles on cybersecurity:
Philips to update radiation application after discovering security vulnerability
Cybersecurity attorney: How constitutional is the Hutchins indictment?
Labor Department closes injury reporting system after potential breach
