Audit Finds State IT Projects Need Better Oversight

Monday, March 30, 2015

Robby Davis, GoLocalPDX Contributor

Recently, the state of Oregon has taken measures to ensure the success of several information technology (IT) projects. Although Oregon is headed in the right direction, the new state audit believes that further action is required.

Auditors have warned the Department of Administrative Services (DAS) that the current model may not detect or prevent certain problems, such as those that the state encountered with other major projects over the last few years. The auditors examined reports and documentation about past projects in order to identify common issues and their causes.

“Replacing computer systems is difficult and risky. We wanted to see whether the state was taking the right steps to oversee these projects,” said Secretary of State Jeanne Atkins. “They are on the right track, but there is more to be done to improve Oregon’s IT project success rate.”

The new audit recently evaluated “State Gate Oversight,” a new DAS-run model for overseeing larger IT projects. They concluded that State Gate is headed in the right direction, but there are still several obstacles that need to be overcome. Unfortunately, State Gate hasn’t been fully developed and they lack the appropriate and sufficient staff to implement it.

The audit team consisted of William Garber, Neal Weatherspoon, Erika Ungern, Matthew Owens and Amy Mettler.

Related Slideshow: Recent Data Breaches in Oregon

Here are some of the biggest data and security breaches in Oregon between 2015 and 2012, according to Privacy Rights Clearinghouse:

Prev Next

The Oregon Department of Administrative Services

March 20, 2015

The department's meta data, including time stamps the size of flies, was disclosed on Friday, March 20, by an unidentified hacker.

The attack was detected by intrusion software, and investigated by the department, but no personally identifying information was compromise

Prev Next

LifeWise Health Plan of Oregon

March, 2015

A cyber attack on LifeWise and it's parent company Premera Blue Cross exposed the personal identification of 250,000 Oregonians to unauthorized access.

Prev Next

Oregon Employment Department

Date: Oct. 10, 2014

Location: Portland

Records Compromised: 820,000

A database containing personal information from people searching for jobs through WorkSource Oregon was breached.

Prev Next

Made in Oregon

Date: Dec. 3, 2013

Location: Portland

Records Compromised: 1,700

The company’s website, with credit card information, may have been accessed by unauthorized parties.

Prev Next

Samaritan Family Medicine Resident Clinic

Date: Nov. 4, 2013

Location: Corvallis

Records Compromised: 1,222

Un-shredded medical documents were found in a dumpster near the offices. Prescriptions, diagnoses and sensitive medical information were on the documents.

Prev Next

Bonneville Power Administration

Date: Aug. 27, 2013

Location: Portland

Records Compromised: 3,100

BPA employee names, Social Security numbers, and dates of birth were distributed by a cyber attack.

Prev Next

Oregon Health & Science University

Date: July 29, 2013

Location: Portland

Records Compromised: 3,000

OHSU patient information was placed on Google’s cloud computing system. OHSU did not have a contract with Google, so the information could have been used for promotional purposes due to the storage error.

Prev Next

Oregon State University

Date: July 29, 2012

Location: Oregon State University

Records Compromised: 21,000

During a software upgrade, an unnamed check printing vender copied data that included student and employee names, IDs, check numbers, check amounts, and possibly some Social Security numbers.

Prev Next

Eugene School District 4J

Date: June 11, 2012

Location: Eugene

Records Compromised: 16,000

An unauthorized source accessed confidential files containing student personal information, such as Social Security numbers, dates of birth, and phone numbers.