AGENCY LAUNCHED INITIATIVE TO PROTECT VITAL RECORDS PRIOR TO BREACH AT NIKKI HALEY’S REVENUE DEPARTMENT
The S.C. Department of Health and Environmental Control (SCDHEC) has been stepping up its data security efforts for several months now, but an unprecedented security breach at Nikki Haley’s Department of Revenue (SCDOR) has prompted director Catherine Templeton to ramp up the implementation of new protective measures at her agency.
As part of that effort, SCDHEC’s website has been offline for the last week as part of an ongoing vulnerability assessment.
Given the status of the SCDHEC website, several sources reached out to FITS recently speculating about a possible security breach at SCDHEC – however our sources at the agency have confirmed that no such breach occurred. Fortunately it appears as though SCDHEC’s vital records – along with its sensitive health data and nuclear monitoring information – were among the very first things Templeton moved to protect after taking the reins of the agency earlier this year.
And rightfully so …
Like S.C. State Treasurer Curtis Loftis – who scheduled a cyber security panel long before the SCDOR breach – Templeton appears to have been ahead of the curve when it comes to performing the core government function of safeguarding citizens’ personal information.
You know … unlike Haley.
“I hired a Chief Security Officer before the breach and we have been taking proactive steps to ensure the security of some of the state’s most valuable and sensitive information (health, nuclear, vital records),” Templeton notes in a statement provided to FITS. “As part of our ongoing assessments, we have taken the website down to verify that there are no issues and have conducted full website vulnerability testing.”
Templeton’s statement also confirmed information from our sources indicating that there was no breach at SCDHEC.
“We have no evidence of any compromise and are working through our entire system,” Templeton’s statement continues. “We will have the website partially operational (Wednesday), but will keep portions of it down until I am satisfied that we are diligently protecting the information we are charged with keeping secure. In the meantime, our customers can contact us at 803-898-DHEC (3432).”
In contrast to Templeton and Loftis’ efforts, Haley’s handling of the SCDOR breach has been one disaster after another … one with a potentially enormous price tag.
Beginning on August 27, hackers began infiltrating SCDOR’s computer network – stealing the business tax information along with 3.8 million Social Security numbers and nearly 400,000 credit and debit card numbers. South Carolina officials never knew they had been hacked. In fact it wasn’t until October 10 that they were alerted to the breach by federal law enforcement authorities. It took another sixteen days for South Carolinians to learn that their data had been compromised.
Haley’s administration initially claimed that no business information had been stolen during the unprecedented breach. She also stated that “nothing could have been done” to prevent the hack – and that South Carolina had used “industry standard” security measures to protect its data.
All of these claims have been proven false.
Not only that, Haley has yet to take responsibility for the hack. In fact her SCDOR director was one of several state agency heads to receive a 7 percent pay raise this week.
This website has been harshly critical of Templeton in the past. In fact we weren’t thrilled with her selection at SCDHEC, and we’re still waiting for her drop the big ax that needs to fall on this overgrown bureaucracy. Also, we’re waiting for her to stake out concrete views on long overdue agency consolidation proposals across state government – restructuring plans which would no doubt disproportionately impact her expansive fiefdom.
Having said all of that, we’ve been impressed with Templeton and Loftis as it relates to the foresight they have shown in making data security a top priority at their agencies.
Now if only Haley had shown the same good judgment …
Of course she has been busy doing other things.
***
25 comments
Much ado about nothing. All show and no substance. It’s not like the hack of SCDOR’s system was via its agency website. It’s all the internal systems with remote access from the internet that’s the problem. This is akin to closing and locking your front door while leaving the windows on the back of the house open. As long as you have idiots who have access to vast amounts of data that can be tricked into freely giving up their credentials to said data, taking a website offline doesn’t help anything but make it more difficult to do business with your customers.
I disagree – these bozo’s in state government have demonstrated without a reasonable doubt that they are unqualified to maintain Personal Identifiable Information (PII).
HIPPA breach by SCDHEC would yield *massive* lawsuits – Catherine is wise by blocking all system access.
I would be quite happy if she announced that they just gonna go back to paper *OR* that they are going to hire *QUALIFIED* data architects and system administrators to protect our data.
What I’ve seen so far leaves a lot to be desired from any Agency in this state.
SC = security joke, now known world wide .
I guess I misunderstood what she did. I read it as, “they took down the SC DHEC web server” until things can get secured. My point is, the important data isn’t on their front-facing web server, it’s in back-end servers that have “secure” doors to the internet for remote access by staff and other “authorized” users. Seems like a PR stunt to make it look like she’s taking it seriously. Who knows, you can’t trust any of these boobs anymore.
Does anyone else find it painful to watch Haley talk about this topic during her press conferences? Today she was talking about “the Hand” (huh?) and DSIT as if DSIT is some sort of application. DSIT is a branch of state government as far as I know, not a computer program. She clearly has no clue of what she speaks.
Have you noticed that many of Haley’s appointments and buds reside in the Lowcountry like Templeton, Abe Turner (SC DEW head do state), Harrell, and others? I was told Mr. Turner commutes back and forth to Columbia in a state issued car. A friend who works at DEW said Mr. Turner has a pearl white crown Vic and a black crown Vic to drive once he gets to Columbia. I hope my friend is wrong otherwise as a taxpayer, I would be pissed.
whoa. who’s the blonde in the pic?
that’s one piece of ass. templeton?
They could *at least* have left critically important telephone numbers to DHEC offices.
You know, like ones to call when there’s been a massive chemical spill or some kind of biological attack.
Not in SC – nope.
Keep’em in the dark – just like Nikki did w/ SCDOR breach.
Nice job dhec.
You FAIL website design 101.
How in the hell am I supposed to get the weekly restaurant ratings?????
Oh, I forgot, they cut back on inspections when Queen Namrata took office & appointed Templeton head “checker”
SC Poision Control Center:800-922-1117
DHEC Emergency/Hazardous Spills:800-253-6488
Toxic Spill Response Center: 800-424-8802
Now, maybe you can sleep tonight “hum-dinger”
BTW: Don’t EVER rely on a fucking “puter” in case of an emergency
My job is done.
I’m taking the rest of the day off…….
How is this woman doing in curing South Carolina’s fat people ?
Looks like Cat has put on some pounders.
Pretty sure the info SC DHEC holds is of public record.
like social security numbers?
shucks – after SCDOR breach, ya, you are probably right ;)
They also have medical records (HIPPA) – unless you want your medical info released so it can be used against you, maybe it would be best that they just keep the whole thing offline and go back to physical paper.
South Carolina simply cannot be trusted with anything that involves electronic data.
Like STD info?
Some public-utility location information is not released for Homeland Security reasons.
It also holds a little propriatory trade information when that was needed for waste-disposal permitting.
Hmmmmm…..Kat looks yummy in this photo – but who is the “grinning skull” next to her? Sic, in the future please edit out unpleasant stuff like him.
she sure does look fabulous – the small amount of extra weight looks good on her above the belt – but we all know that below the belt she’s got that leg problem – way too hefty. and that’s something girls get from their mommas
Gee Will, you’re really becoming pretty blatant about kissing Templeton’s ass. You never had to work for the bitch. What you apparently don’t know is that other State agencies ramped up their IT security last year. SCDOR are apparently the ones left in the dust. Templeton did nothing great here.
DHEC has always had sufficient firewalls to protect data. This is another example of Templeton taking credit for other people’s work. Wake up. This woman is a charlatan and a compulsive liar.
Like her nemesis Haley?
and I second that !!!!
and I second that !!!!
“I hired a Chief Security Officer before the breach and we have been taking proactive steps to ensure the security of some of the state’s most valuable and sensitive information (health, nuclear, vital records),” Templeton notes in a statement provided to FITS. ”As part of our ongoing assessments, we have taken the website down to verify that there are no issues and have conducted full website vulnerability testing.”
There was a CSO at DHEC YEARS before Ms. Templeton. He resigned earlier this year. A new CSO was named recently. I think Ms. Templeton may be doing a good job at DHEC but why claim that she hired the CSO…. I don’t get patting yourself on the back for something you did not do.
I’m telling you, the woman looks yeasty.
yeast got added to the extra 10 lbs. of stomach, see the new roll there