trending Market Intelligence /marketintelligence/en/news-insights/trending/nwk95vpIULn3cvFIyr81XA2 content esgSubNav
Log in to other products

Login to Market Intelligence Platform

 /


Looking for more?

Contact Us
In This List

CMS must enhance health insurance marketplace information security, says GAO

Infrastructure Issues: Tools to Dig Deep on Potential Risks

Part Two IFRS 9 Blog Series: The Need to Upgrade Analytical Tools

2018 US Property Casualty Insurance Market Report

Fintech

Fintech Funding Flows To Insurtech In February


CMS must enhance health insurance marketplace information security, says GAO

The U.S. Government Accountability Office has recommended thatthe Centers for Medicare & Medicaid Services define procedures for overseeingthe security of state-based marketplaces and require continuous monitoring of statemarketplace security controls, according to a March 23 release.

The recommendations follow the identification by GAO of weaknessesin technical controls protecting the data flowing through the Federal Data ServicesHub, including insufficiently restricted administrator privileges for data hub systems,inconsistent application of security patches and insecure configuration of an administrativenetwork. GAO noted that the CMS reported 316 security-related incidents, betweenOctober 2013 and March 2015, affecting Healthcare.gov and its supporting systems.

GAO also identified additional weaknesses in technical controlsthat could place sensitive information at risk of unauthorized disclosure, modificationor loss. In a separate report, with limited distribution, GAO recommended 27 actionsto mitigate the identified weaknesses.

GAO said that improvements are needed in CMS' oversight of thesecurity and privacy of data processed and maintained by state-based marketplaces.GAO noted that the CMS has not defined specific oversight procedures or what follow-upcorrective actions should be performed if deficiencies are identified. CMS alsodoes not require sufficiently frequent monitoring of the effectiveness of securitycontrols for state-based marketplaces, only requiring testing once every three years.

The Department of Health and Human Services concurred with GAO'srecommendations.