Why OIG Did This Audit. We are conducting a series of audits of State Medicaid Management Information Systems (MMIS) and Eligibility and Enrollment (E&E) system of selected States to determine how well these systems are protected when subjected to cyberattacks. Our objectives were to determine whether (1) security controls in operation at South Dakota’s MMIS and E&E system environments were effective in preventing certain cyberattacks, (2) the likely level of sophistication or complexity an attacker needs to compromise the South Dakota MMIS and E&E system or its data, and (3) South Dakota’s ability to detect cyberattacks against its MMIS and E&E system and respond appropriately. How OIG Did This Audit. We conducted a penetration test of South Dakota’s MMIS and E&E system from November 2021 through January 2022. The penetration test focused on the MMIS and E&E system’s public IP addresses and web application URLs. We also conducted a simulated phishing campaign that included a limited number of South Dakota personnel in February 2022. We contracted with XOR Security, LLC (XOR), to assist in conducting the penetration test. We closely oversaw the work performed by XOR, and the assessment was performed in accordance with agreed upon Rules of Engagement among OIG, XOR, and South Dakota.
Copyright:
The National Library of Medicine believes this item to be in the public domain. (More information)