Federal Reports

State Medicaid agencies and their contractors maintain and process health information for millions of beneficiaries. Prior OIG reviews have identified vulnerabilities in States' information systems and controls-vulnerabilities that could have resulted in unauthorized disclosure of protected health information (PHI). States must be prepared to respond to breaches to limit potential harm, such as identity theft and fraudulent billing.

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements

The audit objectives were to determine whether program funds were managed in accordance with the ARC and Federal grant requirements

Information Memorandum for Secretary Mnuchin

The OIG investigated suspicious internet traffic discovered during an IT security audit of the computer network at the U.S. Geological Survey (USGS), Earth Resources Observation and Science (EROS) Center satellite imaging facility in Sioux Falls, SD. The audit found indications that a USGS employee’s computer was compromised and infected with malware. We sought to confirm how a compromise occurred.We found that the employee knowingly used U.S. Government computer systems to access unauthorized internet web pages. We also found that those unauthorized pages hosted malware that downloaded to the employee’s Government laptop. The malware then exploited USGS’ system; it introduced additional malicious code, reduced the Department’s ability to monitor exploits, introduced a covert channel program, and automatically connected to malicious websites in Russia. We did not find evidence that the employee intentionally introduced the malware, nor was there evidence of data exfiltration. We issued a separate Management Advisory related to this investigation discussing vulnerabilities in USGS’ IT security posture.The employee retired a day before his employment was to be terminated. We provided this report to the Director of the USGS.