Auditors find cybersecurity risks at Department of Consumer and Business Services

Claire Withycombe, Salem Statesman Journal

November 9, 2021 at 1:00 PM·2 min read

Despite prior warnings, a state agency overseeing key functions such as enforcing worker safety has failed to take basic cybersecurity measures meant to keep sensitive information and information technology systems secure, state auditors said Tuesday.

Auditors from the Oregon Secretary of State’s office found the Department of Consumer and Business Services needs to do a better job assessing security risks and taking steps to reduce those risks, should make sure third-party activities are secure and document its policies and procedures for keeping information and systems secure.

DCBS is a large state agency, with roughly 900 full-time employees. It has a range of responsibilities, from enforcing worker safety through OSHA to overseeing the state website where you can buy a health insurance plan.

Similar problems discovered during the audit have been found before: in 2016, by state auditors, and in 2018, by a branch of the state’s executive IT office overseeing cybersecurity. At the time, those findings were shared with the agency in confidential reports.

Without enough staff assigned to security tasks, auditors said, “most critical activities are performed on an ad-hoc basis,” which potentially hinders the agency from finding and responding to security incidents.

Among the findings, auditors said that the agency doesn’t “actively manage” hardware devices or software. That means unauthorized devices could be accessing the department’s network, or unauthorized software could be installed.

“The security of Oregon’s information resources should be a top priority for all state agencies,” Secretary of State Shemia Fagan said in a statement, adding that the agency “should take immediate action to address the findings outlined in this report.”

Andrew Stolfi, director of the Department of Consumer and Business Services, said he welcomed the findings in a response to the audit. Stolfi was appointed director in April 2020, and is also the state's insurance commissioner, a role he's held since 2018.

Stolfi said he was forming a committee to meet with workers at the agency and keep track of the agency’s compliance with a plan to respond to the audit findings.

“DCBS is fully committed to continuing to improve its security stance, protect state systems and data, and reduce risk,” Stolfi said.

The agency hasn’t had any cybersecurity incidents that have led to data breaches or “significant system outages” in the past five years, Stolfi said.

In February 2014, the Statesman Journal reported DCBS was investigating leaks of personal information at Cover Oregon, the state’s troubled health insurance marketplace, which folded later that year.

Claire Withycombe is a reporter at the Statesman Journal. Contact her at cwithycombe@statesmanjournal.com, 503-910-3821 or follow on Twitter @kcwithycombe

Support local journalism by subscribing to the Statesman Journal.

This article originally appeared on Salem Statesman Journal: Oregon consumer, business agency faces security risks, audit finds

Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Nuggets star Nikola Jokić wins third NBA MVP in four seasons, placing him alongside all-time greats
Nikola Jokić joins a short list of the game's all-time greats after securing his third MVP.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Finance
These 3 stocks are poised to benefit from the massive energy transition
The energy transition will benefit companies providing electrical needs for surging demand. Analysts point to these three stocks as a Buy.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Sports
Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more
Miami Heat president Pat Riley rebuked comments Jimmy Butler made about the Boston Celtics and New York Knicks, while also implying that his star needs to play more.
Yahoo Sports
Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers
Fantasy baseball analyst Fred Zinkie offers up his top buy low/high and sell low-high candidates for Week 6.
Yahoo Sports
2024 NFL Team Fantasy Football Power Rankings, 1.0
With NFL rosters pretty much set before training camp, Scott Pianowski reveals his first set of team fantasy power rankings for the 2024 season.
Yahoo Sports
NBA fines Nuggets G Jamal Murray $100K for tossing heat pack, towel on court vs. Timberwolves; no suspension
Murray tossed a heat pad onto the court during gameplay vs. the Timberwolves.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks
Tuesday's last-2-minute report should be interesting.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL
Kelly allegedly harassed a female strength and conditioning coach who sued him and the Toronto Argonauts in February.
Yahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Auditors find cybersecurity risks at Department of Consumer and Business Services

Recommended Stories

Former NBA guard Darius Morris dies at 33

The FDIC change that leaves wealthy bank depositors with less protection

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Nuggets star Nikola Jokić wins third NBA MVP in four seasons, placing him alongside all-time greats

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

These 3 stocks are poised to benefit from the massive energy transition

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more

Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers

2024 NFL Team Fantasy Football Power Rankings, 1.0

NBA fines Nuggets G Jamal Murray $100K for tossing heat pack, towel on court vs. Timberwolves; no suspension

Social Security just passed Medicare as the government's most pressing insolvency risk

NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks

The best budgeting apps for 2024

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it