Weaknesses in Molina's Information System General Controls Over Its Medicaid Claims Processing System Increase Vulnerabilities
Download the complete report
Adobe® Acrobat® is required to read PDF files.
The Idaho Department of Health and Welfare (State agency) did not ensure that Molina Medicaid Solutions (Molina) implemented adequate information system general controls over the State agency's Medicaid Management Information System (MMIS). We identified 21 reportable weaknesses, which we consolidated into 6 findings. Specifically, Molina had weak user authentication for remote network access, an inadequate password history policy, and inadequate encryption of network passwords; inadequate security settings for network devices, inadequate management of the Medicaid claims database, and no written policies for patch management; and no security policies and procedures to periodically review and account for inventory of portable devices, no policies and procedures for annual security awareness training, and inadequate policies and procedures for terminated and transferred employees and for background checks of employees. We recommended that the State agency ensure that Molina implements adequate information system general controls over the State agency's MMIS. The State agency concurred with all of our specific recommendations except for parts of two recommendations.
Let's start by choosing a topic
Priority recommendations summarized.
FY 2016 Work Plan
OIG projects planned for 2016.
Significant OIG activities in 6-month increments.