DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

States unable to protect citizens’ personal, health data from cyberthieves

Posted on September 30, 2010 by Dissent

Byron Acohido writes:

This should come as no surprise. State government agencies aren’t devoting nearly enough resources to protect citizens’  sensitive data from hackers and data thieves.

Some 49 out of 50 states report that a lack of budget is crippling efforts to manage cybersecurity effectively. One state chose not to participate.

That’s the upshot of a survey titled “State Governments at risk: A Call to Secure Citizen Data and Inspire Public Trust” conducted by consulting firm Deloitte & Touche and the National Association of State Chief Information Officers.

Read more on The Last Watchdog.

The key findings of the report:

1. Governance: The Enterprise CISO position is firmly established in the majority of states. To be successful, CISOs must continue to evolve this position to garner enterprise visibility, authority, executive support, and business involvement.

2. Strategy: States increasingly are embracing strategic planning as part of their cybersecurity approaches and are converging on the National Institute of Standards and Technology (NIST) risk assessment framework for strategic alignment. However, without compliance audit and enforcement mandate such as the Federal Information Security Management Act (FISMA) at the Federal level, compliance to the NIST framework across the enterprise is not likely to be achieved.

3. Budget: Security budgets and resources available to State CISOs lag behind those of their private-sector
counterparts. In tough economic times the gap may be widening as the private sector is increasing its investment in security.

4. Internal, External Threats and creating a cyber mindset: Threats to PII and PHI are growing—both from the inside and the outside. States are still in the early stages of establishing programs and deploying technology to protect this sensitive data. Further, CISOs expect to face a host of threats over the next 12 months, ranging from “zombie” networks to social engineering and employee lapses. For this reason, CISOs recognize the importance of creating a “cyber mindset” within their respective enterprises, and are turning to education and awareness to combat these threats.

5. Security of Third Party Providers: States use the services of contractors, managed service providers, and other third parties to deliver sensitive and critical constituent services; managing the security of these
third-party providers may not be keeping pace with the escalation of threats.

The 2010 Deloitte-NASCIO Cybersecurity Study compares state responses against Deloitte’s bellwether survey in the financial services industry, as well as against other external sources and benchmarks. These comparisons serve to demonstrate the divide that exists between the private sector and the states.

Report: State governments at risk: A call to secure citizen data and inspire public trust (pdf)

Cross-posted from PHIprivacy.net

Related posts:

  • RIBridges has many lines of defense. How was the system breached?
  • Why federal efforts to protect schools from cybersecurity threats fall short
  • Governor Hochul Announces Nation-Leading Cybersecurity Strategy
Category: Commentaries and AnalysesOf NoteU.S.

Post navigation

← ICO issues a terse statement about ACS:Law
FL: Parents fear identity theft by Keep the Faith Ministries →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.