COLUMBIA, SC — State agencies say they need $98 million to upgrade their computer systems, according to an analysis of budget requests by The State newspaper.
The requests come after an international hacker infiltrated data security systems at the state Department of Revenue in September to steal the financial information of 6.4 million S.C. consumers and businesses.
The breach will cost South Carolina at least $20 million more to pay for remedies, including credit monitoring and fraud resolution. That money is not included in the $98 million in requests made by state agency.
Of the requests, $32 million would come from the federal government. The rest – $66 million – would come from state money, a mix of recurring and nonrecurring dollars from taxes, fines, fees and grants.
Most of the requests are to upgrade data security or replace outdated equipment. However, some agencies are seeking money to hire more people to oversee their information. Others, including the Department of Motor Vehicles, say they need more money to work with the FBI to thwart hackers “from around the world that were trying to tap into our database,” according Motor Vehicles executive director Kevin Shwedo’s testimony before a S.C. House budget subcommittee last week.
Under fierce criticism because of the breach, first-term Republican Gov. Nikki Haley has recommended the state spend $45 million in state money for information technology upgrades, including the $20 million cost to cover the data breach at the Revenue Department and $12 million to install a more secure tax-filing system.
In addition, Haley wants to spend $1.8 million for a new Medicaid management system at the Department of Health and Human Services. In April, a former employee of that agency stole the personal information of 228,000 Medicaid beneficiaries.
But Haley’s proposal does not cover data-security requests at other state agencies, including the Workers’ Compensation Commission, the Secretary of State’s Office and the Foster Care Review Board, which handle valuable personal information for individuals, businesses and children.
‘A massive ... waste’
Those are just some examples of the dozens of requests that have flooded S.C. House budget subcommittees in recent weeks. The requests frustrate lawmakers who have limited new money to spend but feel pressure to prevent future attacks.
“It is a massive ... waste in time and energy and funds for everybody trying to solve a problem that is common to everyone, but they are all going in different directions,” state Rep. Jim Merrill, R-Berkeley, said after hearing a budget request from the Secretary of State’s Office. “Every single agency is having similar requests. Everybody is going to look like fools if something happens.”
Haley is using that pressure to corral legislative support for a Department of Administration – a new state agency that would gather most of the state’s administrative roles, including information security, under one director, who would be appointed by the governor.
“South Carolina lacks a single entity with the authority necessary to better secure our systems. We must fix that, and fix that this year,” Haley told lawmakers during her annual State of the State address on Wednesday.
The Department of Health and Human Services, which had its own data breach in April, has requested $18 million for a new Medicaid management system. That includes $1.8 million in state money. The rest would come from the federal government. Agency director Tony Keck said his department has spent a lot of time trying to secure its data – a project he said someone else should oversee.
“When you’re sort of left out there on your own to be responsible for it, it feels exposed,” Keck said.
Winning an Administration Department?
Haley appears to be gaining legislative support for a information technology clearinghouse for all state agencies at a new Administration Department. Both the House and Senate passed a version of the bill last year, but the bill died because lawmakers could not agree on how to reconcile their differences.
State Rep. Gilda Cobb-Hunter, D-Orangeburg, said earlier this month that information technology is a “core government function” that should not be left up to each individual agency. Rep. Brian White, R-Anderson, chairman of the powerful House Ways and Means Committee, agrees.
White said the House’s version of the budget – expected to be completed by mid-March – will include a savings account to pay for a statewide data security plan. White said the amount would be “significant,” declining to be more specific. He indicated it would be more than $20 million, the amount that it cost to cover the breach at the Department of Revenue.
For her part, Haley set aside $3 million in her proposed budget for a statewide security plan.
Reach Beam at (803) 386-7038.