8:11 AM, Apr 1, 2014 • By JERYL BIER
The office of the inspector general (OIG) for the Department of Health and Human Services (HHS) has uncovered seventy-nine "high-risk security vulnerabilities" in the information processing systems of ten state Medicaid agencies that "raise concerns about the integrity of the systems used to process Medicaid claims." While the ten states are not identified by name, the OIG said that the investigation "suggests that other State Medicaid information systems may be similarly vulnerable," though the results could not be conclusively applied to all fifty states. Now that the expansion of Medicaid under the Affordable Care Act has taken effect in 2014, millions of new enrollees will be added to these same state systems, ready or not.
While the number of findings range from a low of three in one state to a high of seventeen in another, a chart accompanying the report illustrates the pervasiveness of the problems throughout the states, as well as the widespread nature of the vulnerabilities:
The OIG provided specific examples of the vulnerabilities exposed by the investigation:
- one State agency had not encrypted the hard drives of 14 portable laptop computers, leaving them susceptible to unauthorized access.
- one State agency had not established any type of formal agency-wide inventory mechanism to account for all information system components and devices and was unable to identify all workstations and servers that were authorized to access the secure network and so needed to be properly secured.
- one State agency had not enabled the network user account lockout function after unsuccessful login attempts, an error that could have allowed intruders to successfully run automated login attack tools without detection.
- one State agency was using an insecure remote access method, which sent unencrypted data (including passwords) across the Internet, to perform system administration functions within its MMIS [Medicaid Management Information Systems].
- one State agency’s physical access control policies and procedures did not address the review of electronic badge access rights; consequently, some terminated employees still had access to the datacenter housing the State agency’s MMIS.
- one State agency had not established formal policies and procedures to address the antivirus software deployment and update requirements. In the absence of formal antivirus deployment policies and procedures, more than 1,000 workstations and 200 servers from the State agency’s network were not reporting to the antivirus software control console, which was used to track the antivirus deployment and update status. Without updated antivirus deployment, State agencies expose their networks to known vulnerabilities, which could leave sensitive systems and data susceptible to unauthorized access and exploitation.
In the report's conclusion, the OIG repeated the warning of the "serious vulnerabilities" found in the ten states studied. The state Medicaid agencies told the OIG that the vulnerabilities were being addressed. The OIG said that "management should make information system security a higher priority," and that the inspector general was continuing to investigate in this area.
With full implementation of the Affordable Care Act (ACA) in 2014, Medicaid will see a massive increase in enrollment even with only about half of states participating in the ACA-related expansion. As many as 8.9 million low-income Americans will meet the revised income threshold for eligibility. With the personal information of nearly 9 million more Americans running through state Medicaid systems, the increased strain on the system and workload of state personnel serve to increase the urgency of addressing these serious security shortcomings.
7:32 AM, Oct 18, 2013 • By JERYL BIER
In light of the beating the Obama administration is taking over the ignominious launch of the Obamacare insurance marketplaces, it makes sense that the White House would be looking for good news to share. The White House Twitter account attempted to provide a boost on Thursday with the following:
8:44 AM, Aug 29, 2013 • By JERYL BIER
The state of Alabama received bonus payments from Medicaid for 2009 and 2010 that were a stunning 13 times higher than the state was eligible for. So says the inspector general (IG) for Health and Human Services in a report released on Wednesday.
10:24 AM, Mar 15, 2013 • By DANIEL HALPER
In a report on its website, the credit rating firm Moody's pushes for Medicaid expansion. The firm warns that states who do not expand Medicaid will face "political and budgetary pressure."
11:45 AM, Feb 27, 2013 • By JEFFREY H. ANDERSON
Yesterday, Chris Christie became the eighth Republican governor to capitulate on Obamacare’s massive Medicaid expansion, declaring his desire to implement it in his state. Yet while Christie wasn’t the first GOP governor to fold, he was presumably the first to offer the novel defense that his decision somehow won’t cost federal taxpayers any money.
1:01 PM, Jan 22, 2013 • By MICHAEL WARREN
Wisconsin congressman Paul Ryan knocked President Barack Obama for "shadowbox[ing] a straw man" in his inaugural address. Speaking Tuesday morning on the Laura Ingraham Radio Show to guest host Raymond Arroyo, Ryan responded to Obama's statement that Medicare, Medicaid, and Social Security "do not make us a nation of takers, they free us to take the risks that make this country great."
Ryan called Obama's insinuation that he and other reform-minded Republicans consider recipients of these benefits "takers" a "switcheroo."
5:35 PM, Jan 16, 2013 • By GEOFFREY NORMAN
The head of the AARP has stated clearly where his organization stands on the matter of cutting entitlements. As Kate Ackley reports in Roll Call:
12:14 PM, Nov 16, 2012 • By JEFFREY H. ANDERSON
First off, it’s not a “fiscal cliff.” What we’re slated to hit as of New Year’s Day, as the Wall Street Journal notes, is a tax cliff. Our fiscal cliff, which drops off into a far deeper canyon, is what looms because of our $16,000,000,000,000 debt and the runaway entitlement spending that fuels it — Medicare, Medicaid, (and now) Obamacare. In truth, the debt deal passed in the summer of 2011 — which the press now says we must scrap if we are to avoid the “fiscal cliff” — was designed to postpone our going over the (actual) fiscal cliff.
10:01 AM, Oct 9, 2012 • By JEFFREY H. ANDERSON
During last Wednesday’s presidential debate, President Obama claimed that the private sector just can’t match the leanness and efficiency of the federal government. He was speaking specifically about privately covered health care versus government-run health care.
6:00 AM, Jul 6, 2012 • By JAY COST
The Hill reports:
Obama touted the Supreme Court’s decision to uphold his signature healthcare reform legislation to cheers from a crowd of his supporters.
“The law I passed is here to stay,” he told an audience composed largely of Ohio automobile manufacturing workers.
9:22 AM, Jun 15, 2012 • By JEFFREY H. ANDERSON
In his speech yesterday, President Obama said, “[M]y plan would reduce our yearly domestic spending to its lowest level as a share of the economy in nearly 60 years.” Such an amazing claim is made possible only by excluding the two domestic programs that have contributed the most to our nearly $16 trillion debt: Medicare and Medicaid.
Who is in charge: the government or the patient? 9:22 PM, Sep 27, 2011 • By JEFFREY H. ANDERSON
During a major speech today at the Hoover Institution at Stanford University, Paul Ryan laid out his vision of health care reform, saying, “Choice and competition are critical to controlling costs…[and] improving quality….And yet, across the federal landscape, choice and competition are undermined by poorly designed programs and tax policies.” In other words, to fix our health care system, we need to undo the problems the government has created, rather than further empowering the government.