South Dakota MMIS and E&E system security controls were partially effective and improvements are needed
- Collection:
- Health Policy and Services Research
- Contributor(s):
- United States. Department of Health and Human Services. Office of Inspector General. Office of Audit Services, issuing body.
- Publication:
- [Washington, D.C.] : U.S. Department of Health and Human Services, Office of Inspector General, October 2023
- Language(s):
- English
- Format:
- Text
- Subject(s):
- Computer Security -- legislation & jurisprudence Financial Audit Government Regulation Health Information Systems -- legislation & jurisprudence Medicaid -- organization & administration South Dakota
- Genre(s):
- Technical Report
- Abstract:
- Why OIG Did This Audit. We are conducting a series of audits of State Medicaid Management Information Systems (MMIS) and Eligibility and Enrollment (E&E) system of selected States to determine how well these systems are protected when subjected to cyberattacks. Our objectives were to determine whether (1) security controls in operation at South Dakota’s MMIS and E&E system environments were effective in preventing certain cyberattacks, (2) the likely level of sophistication or complexity an attacker needs to compromise the South Dakota MMIS and E&E system or its data, and (3) South Dakota’s ability to detect cyberattacks against its MMIS and E&E system and respond appropriately. How OIG Did This Audit. We conducted a penetration test of South Dakota’s MMIS and E&E system from November 2021 through January 2022. The penetration test focused on the MMIS and E&E system’s public IP addresses and web application URLs. We also conducted a simulated phishing campaign that included a limited number of South Dakota personnel in February 2022. We contracted with XOR Security, LLC (XOR), to assist in conducting the penetration test. We closely oversaw the work performed by XOR, and the assessment was performed in accordance with agreed upon Rules of Engagement among OIG, XOR, and South Dakota.
- Copyright:
- The National Library of Medicine believes this item to be in the public domain. (More information)
- Extent:
- 1 online resource (1 PDF file (15 pages))
- NLM Unique ID:
- 9918750683606676 (See catalog record)
- Permanent Link:
- http://resource.nlm.nih.gov/9918750683606676