As many as 10 state Medicaid agencies faced "high-risk" security issues, found while studying audits conducted from 2010 to 2012, according to the Department of Health and Human Services' (HHS) Inspector General's Office.
The report didn't identify the Medicaid programs, so the affected programs didn't suffer further attack. A mix of access control problems, network operation controls, and entity-wide controls were found in programs spread across 10 states - with 79 confirmed security problems noted.
Employers aren't encrypting information, keeping patches updated, or taking basic steps to keep information secure. The Government Accountability Office (GAO) recently said government agencies don't do enough after suffering data breaches, and this report further confirms the problem.
From the report:
"Officials from several state agencies described some common causes when we discussed these findings with them. They pointed most frequently to resource constraints that made information system security a lower priority. Officials also described a lack of formal policies and procedures when explaining the causes of the vulnerabilities. The effectiveness of these information system general controls directly affects the state agencies' ability to sustain secure Medicaid systems."