Audit: Office of NYS Information Technology Services (OITS): Security and Effectiveness of Division of Criminal Justice Services’ Core Systems

Auditors found that OITS does not have an established monitoring and oversight process for user access management of DCJS systems and is not operating in compliance with state cyber security policies. OITS does not have established policies and procedures for backup of key DCJS systems. Also, ITS does not have an active regional backup site, and DCJS systems are at risk for total data loss in the event of a regional disaster. Auditors also found OITS does not have an established monitoring and oversight process for software or operating systems and changes made to these systems.

Read the full audit report.

ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Confidence in ransomware recovery is high but actual success rates remain low
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
Bombay High Court Orders Department of Telecommunications to Block Medusa Accounts After Generali Insurance Data Breach
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns

Related: