Friday, August 25, 2006

Computer System Audit

Audit Reveals Security Gaps - But No Breaches - in Public Assistance Computer System
Corrie MacLaggan
Austin American-Statesman
Personal information about Texans who receive public assistance could be at risk of being accessed by computer hackers, according to a new internal audit of the Health and Human Services Commission.
The audit, conducted for the agency by Clifton Gunderson LLP, identified several vulnerable areas of the computer backbone of the state's new system for determining eligibility for food stamps, Medicaid and other programs.
However, the study did not uncover any security breaches.
The computer system, TIERS, and the new call centers handling public assistance enrollment have been targets of criticism recently. A private group, the Texas Access Alliance, anchored by Accenture LLP, is administering the computer system and call centers.
The state has halted statewide rollout of the new enrollment system until problems with a Central Texas pilot program can be fixed.
Stephanie Goodman, a spokeswoman for the Health and Human Services Commission, said the computer system works well and is an improvement over the old one.
*Wait, what?  It works well?  TIERS?  Actually, it does not work well, and you can ask any worker across the STATE that deals with TIERS and they will tell you the same thing.  Maybe it's an improvement over the old system once it IS working, but that's not the case yet.  It may never be.  I guess that's why local staff who work in the TIERS system are told to not 'bad mouth' TIERS to other staff across the Regions who aren't in TIERS yet.....but we all know the truth, don't we?
"What you want to do with an internal audit is test every possible way the system could conceivably fail," she said. "That doesn't mean it has failed. All tests like this reveal some weaknesses somewhere."
The audit found:
• The agency does not have a plan for monitoring computer system performance and security.
• The Texas Access Alliance does not ensure that all employees have background checks, increasing the risk that people with criminal backgrounds could access sensitive information.
*Sensitive information that includes people's name, dates of birth, social security numbers, bank account information, job information, living arrangements, etc.
• Computer user accounts are not always removed when employees change jobs or stop working for the agency or its contractor.
• Fraud prevention and detection controls for the system are not fully implemented.
"The audit shows that after costing $300 million and after three years in pilot, TIERS still isn't ready for prime time," said Will Rogers, a spokesman for the 12,000-member Texas State Employees Union, which has opposed the new public assistance enrollment system.

Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small Business.

1 comment:

Anonymous said...

Anytime you have a web based system breaches can happen. One office even had a breach on Saverr when they had computers in the resource rooms.