US Medicaid and Medicare systems lack security, says report

October 9, 2006: An article in the New York Times reports of poor security in the central computer system of Medicaid and Medicare that could even lead to the disruption of its services affecting millions of people in the US.An investigation by the Government Accountability Office (GAO) showed that critical security controls were absent in the system. The central computer was found to have poor passwords that were anyone's guess, and loose password controls that made unauthorized access easy. Moreover, there was no method to track the user or usage of this network, and data in the system was not coded, all of which made access to, and modification of information about a person's personal, financial, and medical details very hassle-free.
This is a threat to the security of millions of beneficiaries of Centers for Medicare and Medicaid Services since its database is linked to a vast network comprising, besides hospitals and nursing homes, financial organizations like banks and insurance companies too. The investigation was called for after a theft was reported in May, by the Department of Veterans Affairs, of a laptop with data of millions of veterans from the residence of an employee of the agency.That the network is used not only for payment of claims but also for communication with the state's Medicaid agencies, healthcare orgaqnizations and private contractors increases the need for the concerned agencies to fix the problem as soon as possible, says officials.“No security breaches have occurred, said Dr. Mark McClellan, Administrator, Centers for Medicare and Medicaid Services to the newspaper. He is also reported to have agreed to fix the problems quickly.