Security holes in Maryland's Medicaid system put patient data at risk, OIG finds

Written by Jessica Kim Cohen | August 20, 2018 | Print[1] | Email[2]

Maryland did not adequately follow federal requirements to secure its Medicaid data and information systems, according to an HHS Office of Inspector General report[3]. The OIG conducted its report as part of an ongoing review of the computer systems that states use to administer HHS-funded programs, such as Medicaid. For the report, the OIG reviewed Maryland’s policies and procedures for its Medicaid Management Information System, interviewed staff and conducted a vulnerability assessment of network devices, websites, servers and databases.

The OIG concluded that although Maryland had adopted a security program for its Medicaid Management Information System, there were “numerous significant system vulnerabilities.” “Although we did not identify evidence that anyone had exploited these vulnerabilities, exploitation could have resulted in unauthorized access to and disclosure of Medicaid data, as well as the disruption of critical Medicaid operations,” the report reads. The OIG recommended Maryland improve its security program for Medicaid data in accordance with federal requirements.

Maryland concurred with the recommendations and has taken steps to implement them, according to the report. To download the OIG’s report, click here[4]. More articles on cybersecurity:
Most medical device cybersecurity issues attributed to user authentication, report finds
Flaw in medical devices might allow hackers to change patient vital signs, McAfee suggests
Healthcare cloud provider offers HITRUST-certified products for Amazon, Google, Microsoft clouds[5][6][7]

(C) Copyright ASC COMMUNICATIONS 2018.

Interested in LINKING to or REPRINTING this content?

View our policies by clicking here[8].

To receive the latest hospital and health system business and legal news and analysis from Becker’s Hospital Review, sign-up for the free Becker’s Hospital Review E-weekly by clicking here[9].

References

  1. ^ Print article (www.beckershospitalreview.com)
  2. ^ Email (www.beckershospitalreview.com)
  3. ^ report (www.oig.hhs.gov)
  4. ^ click here (www.oig.hhs.gov)
  5. ^ Most medical device cybersecurity issues attributed to user authentication, report finds (www.beckershospitalreview.com)
  6. ^ Flaw in medical devices might allow hackers to change patient vital signs, McAfee suggests (www.beckershospitalreview.com)
  7. ^ Healthcare cloud provider offers HITRUST-certified products for Amazon, Google, Microsoft clouds (www.beckershospitalreview.com)
  8. ^ clicking here (www.beckershospitalreview.com)
  9. ^ clicking here (www.beckershospitalreview.com)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *