The OIG conducted its report as part of an ongoing review of the computer systems that states use to administer HHS-funded programs, such as Medicaid. For the report, the OIG reviewed Maryland’s policies and procedures for its Medicaid Management Information System, interviewed staff and conducted a vulnerability assessment of network devices, websites, servers and databases.
The OIG concluded that although Maryland had adopted a security program for its Medicaid Management Information System, there were “numerous significant system vulnerabilities.”
“Although we did not identify evidence that anyone had exploited these vulnerabilities, exploitation could have resulted in unauthorized access to and disclosure of Medicaid data, as well as the disruption of critical Medicaid operations,” the report reads.
The OIG recommended Maryland improve its security program for Medicaid data in accordance with federal requirements. Maryland concurred with the recommendations and has taken steps to implement them, according to the report.
To download the OIG’s report, click here.
More articles on cybersecurity:
Most medical device cybersecurity issues attributed to user authentication, report finds
Flaw in medical devices might allow hackers to change patient vital signs, McAfee suggests
Healthcare cloud provider offers HITRUST-certified products for Amazon, Google, Microsoft clouds