Arizona auditors say they found holes in a department's cybersecurity system that could put residents' personal information at risk.
State auditors said in their April report that they were able to hack Arizona Department of Economic Security during a routine review, the Arizona Republic reported (http://bit.ly/2pmguHY). The department, which oversees programs such as food assistance, unemployment benefits and adult properties, has the personal identification information of more than 2 million Arizona residents.
State auditors have sent their findings to state lawmakers and Gov. Doug Ducey this week.
The state Auditor General's Office has been conducting yearly IT performance reviews for more than 10 years. The latest Department of Economic Security audit took nine months to accomplish.
The report stated that during one test attack, auditors gained access to "control all network user accounts, including accounts with high-level access." They were able to "to view, alter or delete confidential health information and other sensitive data, including client Social Security numbers, names and addresses."
A lack of staff training and outdated software put the department at high risk of data breaches and other security vulnerabilities, according the report. The auditors believe high employee turnover may have also contributed to the security shortfalls.
No known Department of Economic Security hacks were found, Performance Audit Manager Dot Reinhard said.
The auditors sent the department recommendations such as improving vulnerability assessments, improving update and patch management and establishing a continuous monitoring program for critical IT activities.
No one has been fired or reprimanded after the audit, a Department of Economic Security spokeswoman said.
The auditors will return to the department in six months to see if its cybersecurity has improved.