- Maryland has not adequately secured its Medicaid data and information systems in line with federal requirements, HHS’ Office of Inspector General said in a new report.
- "Numerous significant system vulnerabilities" were found, even though Maryland has adopted a security program for its Medicaid Management Information System, OIG said.
- Exploitation could have resulted in unauthorized access to Medicaid data and the disruption of critical operations of the program, OIG said. But OIG said it did not identify evidence that anyone had exploited the system vulnerabilities.
State agencies are required to establish computer system safeguards and conduct biennial reviews of data security for administration of Medicaid and other federal entitlement benefits. OIG said Maryland’s was one of a number of state computer systems used to administer HHS-funded programs that it reviewed.
OIG said it found vulnerabilities in Maryland’s security system that collectively, and in some cases individually, could have compromised the integrity of the state’s Medicaid program.
Maryland's Medicaid program processes about $10 billion paid out to providers each year.
In February, Maryland Attorney General Brian Frosh announced that the state had reached an $81 million settlement with a contractor to resolve disputes stemming from a major IT project to restructure the state's Medicaid computer system.
Maryland hired Computer Sciences Corp. for $170 million in 2012 to develop and implement a new computer system for the Medicaid program. The project was intended to replace the existing computer system that was built in 1992 and is still in use.
According to the Maryland attorney general, the project fell far behind within a year, and "CSC refused to perform contractually required work necessary to meet the requirements of the Affordable Care Act."
The OIG report made available to the public did not specify what steps Maryland currently is taking to comply with the inspector general's requirements, but it said the state agreed with its recommendations.