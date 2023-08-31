While maintenance, personnel and security risks are low, auditors found that DPH's planning controls for its IT system need some attention and an update.

HARTFORD, Conn. — A state audit of the Department of Public Health (DPH) determined that its information technology (IT) and security plans may need an upgrade and the data its system holds may need some reclassification.

The State Data Center General Controls released a full report Thursday that audits DPH and its IT system as of June 2022.

Its biggest finding was that DPH has not updated its Information Security Plan since June 2018. Since technology has changed rapidly over the past several years, auditors warn that the current policies and procedures in place will be obsolete in an emergency.

DPH responded to the finding, saying that they were following the lead of the state's Dept. of Administrative Services, which is currently consolidating and optimizing information technology, and they felt it was unnecessary to upgrade during this process.

DPH said the pandemic also took priority, with IT creating information systems for contact tracing, vaccinations, and the ability for 800 employees to work from home.

On top of that, another finding cited a lack of complete risk assessment, meaning that auditors found that DPH has never conducted a complete assessment of its information technology systems, which could put them at risk of threats, which could be increased in remote work environments.

Auditors recommend DPH conduct a periodic assessment of systems and data risk in compliance with the Control RA-3 of the NIST Special Publication 800-35. DPH said it would work to follow the guidance, but it might be expensive to get it done.

Another finding cited a lack of data classification assessment, which means DPH was found to have not classified its information systems and data in accordance with what the Office of Policy and Management (OPM) requires. The OPM requires executive branch agencies, which includes DPH, to assign a classification to data based on confidentiality, integrity, and accessibility and its level of risk.

Much of the data DPH has includes personal and health-related information and recommends they conduct a "comprehensive data classification assessment" to prevent further inefficiencies in assigning operational resources.

DPH's IT maintenance, personnel, and security audit risks are low, according to the report.

Read the full report here.

---

Have a story idea or something on your mind you want to share? We want to hear from you! Email us at newstips@fox61.com

---

HERE ARE MORE WAYS TO GET FOX61 NEWS

Download the FOX61 News APP

iTunes: Click here to download

Google Play: Click here to download

Stream Live on ROKU: Add the channel from the ROKU store or by searching FOX61.

Steam Live on FIRE TV: Search ‘FOX61’ and click ‘Get’ to download.