Board Moves to Require Regular Audits for IT Safety

/in , , /by

Calling for regular audits and strong safety measures to be in place so that information is secure, the Los Angeles County Board of Supervisors approved a motion calling for more intense scrutiny of the county’s IT infrastructure.

The motion comes on the heels of a series of troubling audits that found security lapses in several Los Angeles County departments that allowed terminated employees to gain access to confidential records, including medical and criminal files (Probation Audit, Public Health Audit).  The audits conducted by L.A. County’s Auditor-Controller specifically revealed lapses in security at Los Angeles County’s probation and public health departments.  Although the Department of Probation has now deleted the accounts, the audit found that among former employees, 695 logins remained active for seven years – and 33 were used to access probation systems. At the Department of Public Health, 13 employee accounts were active well after termination of employment, and in one case, an old login was used to order tests and access the results for patients in the public health system – a possible violation of federal privacy laws.

“This information needs to be protected at all times,” said Supervisor Mark Ridley-Thomas, who sponsored the motion that was approved. “Efficient, reliable, useful, modern, quality and secure IT systems must be a central component and core mission of our governance and any governance restructuring that we do.”

In recent years, Supervisor Ridley-Thomas has initiated several improvements to the county’s IT system including: