Skip Navigation Change Font Size

Audit (A-09-13-03001)

Weaknesses in Molina's Information System General Controls Over Its Medicaid Claims Processing System Increase Vulnerabilities

Complete Report

Download the complete report

Adobe® Acrobat® is required to read PDF files.


The Idaho Department of Health and Welfare (State agency) did not ensure that Molina Medicaid Solutions (Molina) implemented adequate information system general controls over the State agency's Medicaid Management Information System (MMIS). We identified 21 reportable weaknesses, which we consolidated into 6 findings. Specifically, Molina had weak user authentication for remote network access, an inadequate password history policy, and inadequate encryption of network passwords; inadequate security settings for network devices, inadequate management of the Medicaid claims database, and no written policies for patch management; and no security policies and procedures to periodically review and account for inventory of portable devices, no policies and procedures for annual security awareness training, and inadequate policies and procedures for terminated and transferred employees and for background checks of employees. We recommended that the State agency ensure that Molina implements adequate information system general controls over the State agency's MMIS. The State agency concurred with all of our specific recommendations except for parts of two recommendations.

I'm Looking For

Let's start by choosing a topic

Exclusions Database Report Fraud
Newsletter Sign Up Envelop Graphic

Stay up to date on the latest OIG news and opinions

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201