– The Centers for Medicare and Medicaid Services (CMS) needs to improve its risk management oversight and security controls to ensure the availability of the Medicare enrollment database (EDB), concluded an HHS Office of Inspector General (OIG) audit released Sept. 18.
EDB is the primary source of Medicare enrollment information for the entire population of beneficiaries. It estimated that it would cost CMS $47 million per day if a cyberattack shut down the EDB.
For the report, the OIG reviewed CMS’s policies and procedures, interviewed staff, reviewed system security documentation, and conducted visits to contingency planning sites to determine whether EDB security controls were adequate.
The office’s objective was to determine whether CMS implemented security controls within the EDB to protect the confidentiality, integrity, and availability of Medicare enrollee data, in accordance with federal requirements.
OIG said it provided a restricted report to CMS that included five recommendations. CMS concurred with all the recommendations and stated the current system is being integrated into a…
