Submitting OIG:
Report Description:
The Minnesota's Health Insurance Marketplace (MNsure) had implemented security controls, policies, and procedures intended to prevent vulnerabilities in its Web applications (Web site), database, and other supporting information systems. However, it did not always comply with Federal and State information technology requirements when it implemented those security controls, policies, and procedures, which increased MNsure's risk that personally identifiable information (PII) could have been exposed. We conducted tests of MNsure's Web site, database, and supporting information systems and found weaknesses in MNsure systems. Although we did not identify evidence that the vulnerabilities had been exploited, exploitation could have resulted in unauthorized access to and disclosure of PII, as well as disruption of critical marketplace operations. The vulnerabilities were collectively and, in some cases, individually significant and could have potentially compromised the integrity of the marketplace.
Date Issued:
Monday, September 26, 2016
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
A-06-15-00035
Component, if applicable:
Centers for Medicare & Medicaid Services
Location(s):
MN
United StatesType of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
4
View Document:
Attachment | Size |
---|---|
61500035.pdf | 369.22 KB |
Additional Details Link: