Thursday, June 15, 2017
State audit finds inadequate safeguards for birth, death, marriage, divorce records
Missouri State Auditor Nicole Galloway released an audit of the Department of Health and Senior Services' Vital Records Systems. These systems house birth, death, adoption, marriage, and divorce records. The audit reviewed system security and found inadequate safeguards in some areas. It also raises questions about whether department staff who work with the system have a sufficient understanding of existing controls and how they can be used to ensure personal data held by the state remains secure.
"The Missouri Department of Health and Senior Services is responsible for safeguarding some of our most personal information and must be held to the highest standards of accountability," Auditor Galloway said. "Those who want access to personal information for inappropriate and illegitimate uses will continue to experiment with new strategies and methods to exploit any weaknesses. Government must never become complacent."
The report describes a secure system that could be improved with better planning and communication. Data governance is a term that refers to a broad set of policies and procedures that encompass data security for an organization. Clear guidelines help ensure the confidentiality, integrity, and availability of data and information. The report recommends department staff institute a comprehensive policy related to data security that expands the safeguards currently in place.
The audit also found some former system users still had access rights to the sensitive information more than a month after ending their employment. The report recommends the department ensure user accounts are immediately terminated when employment ends to prevent unauthorized access.
The Department of Health and Senior Services' Vital Records Systems received a good performance rating for cybersecurity protections. A complete copy of the report is online here.