Three days ago the federal government found South Carolina does not meet the federal requirements in safeguarding Medicaid Management Information System Data and Supporting Systems, putting beneficiaries at risk. It was only back in October 2012 Gov. Nikki Haley finally revealed that South Carolina Department of Revenue had been hacked.
Gov. Haley has been so busy seeking funding for big corporations and trying to end the Affordable Care Act, her misplaced priorities once again could put more South Carolina residents at risk.
WHAT WE FOUND
The State had not safeguarded MMIS data and supporting systems in accordance with Federal
requirements. Specifically, the State had not implemented an adequate risk management process
that included contractor oversight, established a security plan for the MMIS, implemented media
protection for laptop computers, met Federal requirements for the security of software and data,
adequately addressed vulnerabilities on network devices or Web sites, or implemented adequate
security awareness and role-based training programs. These weaknesses occurred because the
State had not established priorities or allocated the resources necessary to secure Medicaid
systems and information.
Although we did not find evidence that anyone had exploited these weaknesses, exploitation
could have resulted in unauthorized access to and disclosure of beneficiaries’ electronic
protected health information, as well as disruption of critical Medicaid operations. The
weaknesses were collectively and, in some cases, individually significant and could have
compromised the integrity of the State’s Medicaid program