AGENCY LAUNCHED INITIATIVE TO PROTECT VITAL RECORDS PRIOR TO BREACH AT NIKKI HALEY’S REVENUE DEPARTMENT
The S.C. Department of Health and Environmental Control (SCDHEC) has been stepping up its data security efforts for several months now, but an unprecedented security breach at Nikki Haley’s Department of Revenue (SCDOR) has prompted director Catherine Templeton to ramp up the implementation of new protective measures at her agency.
As part of that effort, SCDHEC’s website has been offline for the last week as part of an ongoing vulnerability assessment.
Given the status of the SCDHEC website, several sources reached out to FITS recently speculating about a possible security breach at SCDHEC – however our sources at the agency have confirmed that no such breach occurred. Fortunately it appears as though SCDHEC’s vital records – along with its sensitive health data and nuclear monitoring information – were among the very first things Templeton moved to protect after taking the reins of the agency earlier this year.
And rightfully so …
Like S.C. State Treasurer Curtis Loftis – who scheduled a cyber security panel long before the SCDOR breach – Templeton appears to have been ahead of the curve when it comes to performing the core government function of safeguarding citizens’ personal information.
You know … unlike Haley.
“I hired a Chief Security Officer before the breach and we have been taking proactive steps to ensure the security of some of the state’s most valuable and sensitive information (health, nuclear, vital records),” Templeton notes in a statement provided to FITS. “As part of our ongoing assessments, we have taken the website down to verify that there are no issues and have conducted full website vulnerability testing.”
Templeton’s statement also confirmed information from our sources indicating that there was no breach at SCDHEC.
“We have no evidence of any compromise and are working through our entire system,” Templeton’s statement continues. “We will have the website partially operational (Wednesday), but will keep portions of it down until I am satisfied that we are diligently protecting the information we are charged with keeping secure. In the meantime, our customers can contact us at 803-898-DHEC (3432).”
In contrast to Templeton and Loftis’ efforts, Haley’s handling of the SCDOR breach has been one disaster after another … one with a potentially enormous price tag.
Beginning on August 27, hackers began infiltrating SCDOR’s computer network – stealing the business tax information along with 3.8 million Social Security numbers and nearly 400,000 credit and debit card numbers. South Carolina officials never knew they had been hacked. In fact it wasn’t until October 10 that they were alerted to the breach by federal law enforcement authorities. It took another sixteen days for South Carolinians to learn that their data had been compromised.
Haley’s administration initially claimed that no business information had been stolen during the unprecedented breach. She also stated that “nothing could have been done” to prevent the hack – and that South Carolina had used “industry standard” security measures to protect its data.
All of these claims have been proven false.
This website has been harshly critical of Templeton in the past. In fact we weren’t thrilled with her selection at SCDHEC, and we’re still waiting for her drop the big ax that needs to fall on this overgrown bureaucracy. Also, we’re waiting for her to stake out concrete views on long overdue agency consolidation proposals across state government – restructuring plans which would no doubt disproportionately impact her expansive fiefdom.
Having said all of that, we’ve been impressed with Templeton and Loftis as it relates to the foresight they have shown in making data security a top priority at their agencies.
Now if only Haley had shown the same good judgment …
Of course she has been busy doing other things.