MedicaidAdministrativeHigh impact
***June 2026 InterChange Newsletter***
Connecticut Medicaid (HUSKY Health)·CT·Provider Bulletin
Effective date
Aug 1, 2026
We identified it
Jul 10, 2026
Summary
Connecticut Medicaid (CMAP) has implemented three phases of web portal security enhancements, with the most critical change being mandatory Multi-Factor Authentication (MFA) effective August 1, 2026. All providers, trading partners, and drug labelers must comply with stronger password standards (15-30 characters, updated every 60 days) and new security question structures. Billing teams must ensure all staff complete MFA enrollment by August 1, 2026, or portal access will be blocked.
Action Required
By August 1, 2026: All billing staff, providers, and administrative users accessing the CMAP Web Portal must complete Multi-Factor Authentication (MFA) enrollment. Choose either Authenticator App (Microsoft Authenticator, Google Authenticator, or Authy) or Email Verification as your MFA method. Immediately (effective April 21, 2026): Update all staff passwords to meet new standards (15-30 characters, containing at least 3 of 4 character types: uppercase, lowercase, numbers, special characters). Reset passwords every 60 days and do not reuse any of the previous 6 passwords. By May 13, 2026: Master Users and Local Administrators must update security questions using the new drop-down format in Account Maintenance within the Web Portal—do not use free-form answers. Critical: Security answers must NOT contain special characters (only letters, numbers, and spaces permitted). Educate all staff that accounts will lock after 4 failed login attempts or 2 failed security question attempts, and inactive accounts will be auto-disabled after 90 days. Designate Master Users as account unlock contacts for clerk staff. For issues contact Provider Assistance Center: 1-800-842-8440 (Monday-Friday, 8am-5pm).