Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it's official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Penetration Tests of State Medicaid Management Information Systems and Eligibility & Enrollment Systems

State Medicaid agencies use the Medicaid Management Information System (MMIS) for administrating the Medicaid program; processing beneficiary and provider inquiries and services; operating claims control and computer capabilities; and managing reporting for planning and control. State Medicaid Eligibility & Enrollment (E&E) systems support processes related to a determination of Medicaid coverage and required procedures necessary for registration. State agencies are responsible for the security of MMIS and E&E systems. HHS OIG will perform a series of penetration tests in select State MMIS or Medicaid E&E environments to identify cybersecurity vulnerabilities on high-risk information systems and networks.

Announced or Revised Agency Title Component Report Number(s) Expected Issue Date (FY)
Completed (partial) Centers for Medicare and Medicaid Services Penetration Tests of State Medicaid Management Information Systems and Eligibility & Enrollment Systems Office of Audit Services W-00-20-42028;
W-00-21-42028;
A-18-20-08005;
A-18-20-08004;
A-18-20-08003;
A-18-21-09003;
A-18-21-09004;
A-18-21-09001;
A-18-22-09005;
A-18-22-09010;
A-18-22-09009		 2025