Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Inadequate Security Management Practices Left Utah Department of Health Sensitive Medicaid Data at Risk of Unauthorized Disclosure

Issued on  | Posted on  | Report number: A-07-15-00455

Report Materials

The Utah Department of Technology Services' management had not established an effective enterprise security control structure to ensure that adequate information system general controls were implemented in conformance with Federal requirements over the systems used to support the Utah Department of Health's Medicaid eligibility determination and claims processing. These inadequate security management practices put Medicaid systems and data at risk.

We identified 39 high-impact, reportable weaknesses during our earlier comprehensive information system general controls audit of the systems used to support the Utah Department of Health's Medicaid eligibility determination and claims processing.

In written comments on our draft report, the auditee concurred with our recommendations and described corrective actions that it had taken or planned to take.


-
-
-