SC

SCDHEC Continues Data Security Efforts

AGENCY LAUNCHED INITIATIVE TO PROTECT VITAL RECORDS PRIOR TO BREACH AT NIKKI HALEY’S REVENUE DEPARTMENT The S.C. Department of Health and Environmental Control (SCDHEC) has been stepping up its data security efforts for several months now, but an unprecedented security breach at Nikki Haley’s Department of Revenue (SCDOR) has prompted…

AGENCY LAUNCHED INITIATIVE TO PROTECT VITAL RECORDS PRIOR TO BREACH AT NIKKI HALEY’S REVENUE DEPARTMENT

The S.C. Department of Health and Environmental Control (SCDHEC) has been stepping up its data security efforts for several months now, but an unprecedented security breach at Nikki Haley’s Department of Revenue (SCDOR) has prompted director Catherine Templeton to ramp up the implementation of new protective measures at her agency.

As part of that effort, SCDHEC’s website has been offline for the last week as part of an ongoing vulnerability assessment.

Given the status of the SCDHEC website, several sources reached out to FITS recently speculating about a possible security breach at SCDHEC – however our sources at the agency have confirmed that no such breach occurred.  Fortunately it appears as though SCDHEC’s vital records – along with its sensitive health data and nuclear monitoring information – were among the very first things Templeton moved to protect after taking the reins of the agency earlier this year.

And rightfully so …

Like S.C. State Treasurer Curtis Loftis – who scheduled a cyber security panel long before the SCDOR breach – Templeton appears to have been ahead of the curve when it comes to performing the core government function of safeguarding citizens’ personal information.

You know … unlike Haley.

“I hired a Chief Security Officer before the breach and we have been taking proactive steps to ensure the security of some of the state’s most valuable and sensitive information (health, nuclear, vital records),” Templeton notes in a statement provided to FITS.  “As part of our ongoing assessments, we have taken the website down to verify that there are no issues and have conducted full website vulnerability testing.”

Templeton’s statement also confirmed information from our sources indicating that there was no breach at SCDHEC.

“We have no evidence of any compromise and are working through our entire system,” Templeton’s statement continues.  “We will have the website partially operational (Wednesday), but will keep portions of it down until I am satisfied that we are diligently protecting the information we are charged with keeping secure.  In the meantime, our customers can contact us at 803-898-DHEC (3432).”

In contrast to Templeton and Loftis’ efforts, Haley’s handling of the SCDOR breach has been one disaster after another … one with a potentially enormous price tag.

Beginning on August 27, hackers began infiltrating SCDOR’s computer network – stealing the business tax information along with 3.8 million Social Security numbers and nearly 400,000 credit and debit card numbers.  South Carolina officials never knew they had been hacked.  In fact it wasn’t until October 10 that they were alerted to the breach by federal law enforcement authorities.  It took another sixteen days for South Carolinians to learn that their data had been compromised.

Haley’s administration initially claimed that no business information had been stolen during the unprecedented breach.  She also stated that “nothing could have been done” to prevent the hack – and that South Carolina had used “industry standard” security measures to protect its data.

All of these claims have been proven false.

Not only that, Haley has yet to take responsibility for the hack.  In fact her SCDOR director was one of several state agency heads to receive a 7 percent pay raise this week.

This website has been harshly critical of Templeton in the past.  In fact we weren’t thrilled with her selection at SCDHEC, and we’re still waiting for her drop the big ax that needs to fall on this overgrown bureaucracy.  Also, we’re waiting for her to stake out concrete views on long overdue agency consolidation proposals across state government – restructuring plans which would no doubt disproportionately impact her expansive fiefdom.

Having said all of that, we’ve been impressed with Templeton and Loftis as it relates to the foresight they have shown in making data security a top priority at their agencies.

Now if only Haley had shown the same good judgment …

Of course she has been busy doing other things.

***

Related posts

SC

South Carolina Lottery Slammed By Auditors

Will Folks
SC

Susan Smith Saga: Prison ‘Sexploits’ Imperil Infamous Killer’s Parole Bid

Will Folks
SC

‘Gun Grant’ Scandal Brewing In North Charleston

Will Folks

25 comments

Upstater November 14, 2012 at 1:23 pm

Much ado about nothing. All show and no substance. It’s not like the hack of SCDOR’s system was via its agency website. It’s all the internal systems with remote access from the internet that’s the problem. This is akin to closing and locking your front door while leaving the windows on the back of the house open. As long as you have idiots who have access to vast amounts of data that can be tricked into freely giving up their credentials to said data, taking a website offline doesn’t help anything but make it more difficult to do business with your customers.

Reply
hum_dinger November 14, 2012 at 3:45 pm

I disagree – these bozo’s in state government have demonstrated without a reasonable doubt that they are unqualified to maintain Personal Identifiable Information (PII).

HIPPA breach by SCDHEC would yield *massive* lawsuits – Catherine is wise by blocking all system access.

I would be quite happy if she announced that they just gonna go back to paper *OR* that they are going to hire *QUALIFIED* data architects and system administrators to protect our data.

What I’ve seen so far leaves a lot to be desired from any Agency in this state.

SC = security joke, now known world wide .

Reply
Upstater November 14, 2012 at 4:36 pm

I guess I misunderstood what she did. I read it as, “they took down the SC DHEC web server” until things can get secured. My point is, the important data isn’t on their front-facing web server, it’s in back-end servers that have “secure” doors to the internet for remote access by staff and other “authorized” users. Seems like a PR stunt to make it look like she’s taking it seriously. Who knows, you can’t trust any of these boobs anymore.

Does anyone else find it painful to watch Haley talk about this topic during her press conferences? Today she was talking about “the Hand” (huh?) and DSIT as if DSIT is some sort of application. DSIT is a branch of state government as far as I know, not a computer program. She clearly has no clue of what she speaks.

Reply
Sandra November 14, 2012 at 8:23 pm

Have you noticed that many of Haley’s appointments and buds reside in the Lowcountry like Templeton, Abe Turner (SC DEW head do state), Harrell, and others? I was told Mr. Turner commutes back and forth to Columbia in a state issued car. A friend who works at DEW said Mr. Turner has a pearl white crown Vic and a black crown Vic to drive once he gets to Columbia. I hope my friend is wrong otherwise as a taxpayer, I would be pissed.

Reply
coolhandluke November 14, 2012 at 1:26 pm

whoa. who’s the blonde in the pic?

Reply
Gumbo November 14, 2012 at 1:43 pm

that’s one piece of ass. templeton?

Reply
hum_dinger November 14, 2012 at 1:47 pm

They could *at least* have left critically important telephone numbers to DHEC offices.

You know, like ones to call when there’s been a massive chemical spill or some kind of biological attack.

Not in SC – nope.

Keep’em in the dark – just like Nikki did w/ SCDOR breach.

Nice job dhec.

You FAIL website design 101.

Reply
SparkleCity November 14, 2012 at 1:53 pm

How in the hell am I supposed to get the weekly restaurant ratings?????

Oh, I forgot, they cut back on inspections when Queen Namrata took office & appointed Templeton head “checker”

Reply
SparkleCity November 14, 2012 at 2:40 pm

SC Poision Control Center:800-922-1117
DHEC Emergency/Hazardous Spills:800-253-6488
Toxic Spill Response Center: 800-424-8802

Now, maybe you can sleep tonight “hum-dinger”

BTW: Don’t EVER rely on a fucking “puter” in case of an emergency

My job is done.

I’m taking the rest of the day off…….

Reply
Mr. Dixie November 14, 2012 at 2:21 pm

How is this woman doing in curing South Carolina’s fat people ?

Reply
insider November 14, 2012 at 3:06 pm

Looks like Cat has put on some pounders.

Reply
Billy-Bob November 14, 2012 at 3:32 pm

Pretty sure the info SC DHEC holds is of public record.

Reply
hum_dinger November 14, 2012 at 3:41 pm

like social security numbers?

shucks – after SCDOR breach, ya, you are probably right ;)

They also have medical records (HIPPA) – unless you want your medical info released so it can be used against you, maybe it would be best that they just keep the whole thing offline and go back to physical paper.

South Carolina simply cannot be trusted with anything that involves electronic data.

Reply
insider November 14, 2012 at 4:05 pm

Like STD info?

Reply
Groggy November 14, 2012 at 6:29 pm

Some public-utility location information is not released for Homeland Security reasons.

It also holds a little propriatory trade information when that was needed for waste-disposal permitting.

Reply
shifty henry November 14, 2012 at 6:19 pm

Hmmmmm…..Kat looks yummy in this photo – but who is the “grinning skull” next to her? Sic, in the future please edit out unpleasant stuff like him.

Reply
Shifty November 14, 2012 at 6:59 pm

she sure does look fabulous – the small amount of extra weight looks good on her above the belt – but we all know that below the belt she’s got that leg problem – way too hefty. and that’s something girls get from their mommas

Reply
A Little Squirrel November 14, 2012 at 6:39 pm

Gee Will, you’re really becoming pretty blatant about kissing Templeton’s ass. You never had to work for the bitch. What you apparently don’t know is that other State agencies ramped up their IT security last year. SCDOR are apparently the ones left in the dust. Templeton did nothing great here.

Reply
sam November 14, 2012 at 8:19 pm

DHEC has always had sufficient firewalls to protect data. This is another example of Templeton taking credit for other people’s work. Wake up. This woman is a charlatan and a compulsive liar.

Reply
Sammy November 14, 2012 at 8:25 pm

Like her nemesis Haley?

Reply
wake-up people April 23, 2013 at 8:01 pm

and I second that !!!!

Reply
wake-up people April 23, 2013 at 8:01 pm

and I second that !!!!

Reply
DoWhat? November 14, 2012 at 8:39 pm

“I hired a Chief Security Officer before the breach and we have been taking proactive steps to ensure the security of some of the state’s most valuable and sensitive information (health, nuclear, vital records),” Templeton notes in a statement provided to FITS. ”As part of our ongoing assessments, we have taken the website down to verify that there are no issues and have conducted full website vulnerability testing.”

There was a CSO at DHEC YEARS before Ms. Templeton. He resigned earlier this year. A new CSO was named recently. I think Ms. Templeton may be doing a good job at DHEC but why claim that she hired the CSO…. I don’t get patting yourself on the back for something you did not do.

Reply
Lance Riprock November 15, 2012 at 8:09 am

I’m telling you, the woman looks yeasty.

Reply
Farnsworth November 15, 2012 at 2:00 pm

yeast got added to the extra 10 lbs. of stomach, see the new roll there

Reply

Leave a Comment