We summarized the high-risk security vulnerabilities that we identified as audit findings in our previous reviews of information system general controls at three California Medi Cal managed-care organizations (MCOs). We identified 74 high-risk security vulnerabilities in the information system general controls at the 3 Medi-Cal MCOs we reviewed. We grouped these 74 vulnerabilities into 14 security control areas within 3 information system general control categories: access controls, configuration management, and security management. In 6 of the 14 security control areas, all 3 MCOs had vulnerabilities, which accounted for 53 of the 74 vulnerabilities. Accordingly, we determined that most of the 74 vulnerabilities were significant and pervasive.
Report File
Date Issued
Submitting OIG
Department of Health & Human Services OIG
Other Participating OIGs
Department of Health & Human Services OIG
Agencies Reviewed/Investigated
Department of Health & Human Services
Report Number
A-09-15-03004
Report Description
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
0
Questioned Costs
$0
Funds for Better Use
$0
Additional Details
