Audit Finds State IT Projects Need Better Oversight
Email to a friend
Permalink
Monday, March 30, 2015
Robby Davis, GoLocalPDX Contributor
Recently, the state of Oregon has taken measures to ensure the success of several information technology (IT) projects. Although Oregon is headed in the right direction, the new state
audit believes that further action is required.
Auditors have warned the Department of Administrative Services (DAS) that the current model may not detect or prevent certain problems, such as those that the state encountered with other major projects over the last few years. The auditors examined reports and documentation about past projects in order to identify common issues and their causes.
“Replacing computer systems is difficult and risky. We wanted to see whether the state was taking the right steps to oversee these projects,” said Secretary of State Jeanne Atkins. “They are on the right track, but there is more to be done to improve Oregon’s IT project success rate.”
The new audit recently evaluated “State Gate Oversight,” a new DAS-run model for overseeing larger IT projects. They concluded that State Gate is headed in the right direction, but there are still several obstacles that need to be overcome. Unfortunately, State Gate hasn’t been fully developed and they lack the appropriate and sufficient staff to implement it.
The audit team consisted of William Garber, Neal Weatherspoon, Erika Ungern, Matthew Owens and Amy Mettler.
Related Slideshow: Recent Data Breaches in Oregon
Here are some of the biggest data and security breaches in Oregon between 2015 and 2012, according to Privacy Rights Clearinghouse:
Prev
Next
The Oregon Department of Administrative Services
March 20, 2015
The department's meta data, including time stamps the size of flies, was disclosed on Friday, March 20, by an unidentified hacker.
The attack was detected by intrusion software, and investigated by the department, but no personally identifying information was compromise
Prev
Next
LifeWise Health Plan of Oregon
March, 2015
A cyber attack on LifeWise and it's parent company Premera Blue Cross exposed the personal identification of 250,000 Oregonians to unauthorized access.
Prev
Next
Oregon Employment Department
Date: Oct. 10, 2014
Location: Portland
Records Compromised: 820,000
A database containing personal information from people searching for jobs through WorkSource Oregon was breached.
Prev
Next
Made in Oregon
Date: Dec. 3, 2013
Location: Portland
Records Compromised: 1,700
The company’s website, with credit card information, may have been accessed by unauthorized parties.
Prev
Next
Samaritan Family Medicine Resident Clinic
Date: Nov. 4, 2013
Location: Corvallis
Records Compromised: 1,222
Un-shredded medical documents were found in a dumpster near the offices. Prescriptions, diagnoses and sensitive medical information were on the documents.
Prev
Next
Bonneville Power Administration
Date: Aug. 27, 2013
Location: Portland
Records Compromised: 3,100
BPA employee names, Social Security numbers, and dates of birth were distributed by a cyber attack.
Prev
Next
Oregon Health & Science University
Date: July 29, 2013
Location: Portland
Records Compromised: 3,000
OHSU patient information was placed on Google’s cloud computing system. OHSU did not have a contract with Google, so the information could have been used for promotional purposes due to the storage error.
Prev
Next
Oregon State University
Date: July 29, 2012
Location: Oregon State University
Records Compromised: 21,000
During a software upgrade, an unnamed check printing vender copied data that included student and employee names, IDs, check numbers, check amounts, and possibly some Social Security numbers.
Prev
Next
Eugene School District 4J
Date: June 11, 2012
Location: Eugene
Records Compromised: 16,000
An unauthorized source accessed confidential files containing student personal information, such as Social Security numbers, dates of birth, and phone numbers.
Prev
Next
Office of Dr. Rex Smith
Date: April 20, 2012
Location: Eugene
Records Compromised: 20,915
During a burglary, a computer with patient names, Social Security numbers, and dates of birth was stolen.
Prev
Next
Key Bank
Date: May 9, 2012
Location: Springfield
Records Compromised: 2,937
A bank manager gathered and transferred customer names, Social Security numbers, and dates of birth.
Prev
Next
Applegate Valley Family Medicine
Date: April 2, 2012
Location: Grants Pass
Records Compromised: 2,300
Patient information was compromised when a laptop was stolen.
Related Articles
Enjoy this post? Share it with others.
Email to a friend
Permalink
Follow us on Pinterest Google + Facebook Twitter See It Read It