Gov. Nikki Haley is looking into the security systems her Cabinet agencies are using to ensure there is no repeat of a recent incident where the private information of more than 228,000 Medicaid beneficiaries was leaked by a state worker.
The heads of Haley’s Cabinet agencies Monday listed the tactics they are using now to keep confidential information safe, including encrypting email messages, using firewalls to protect databases and monitoring employees’ access to computer ports where data can be downloaded.
Haley told Cabinet members that she has instructed Inspector General Jim Martin to talk with each agency to see what else can be done, including limiting employees’ access to only the information they need to do their jobs and encouraging employees to anonymously report suspicions of security breaches by coworkers.
Haley also put word out that supervisors at state agencies risk their jobs if they are not vigilant about security. “If (agencies) have a supervisor who has this happen on their watch, they will get fired,” Haley said.
Comptroller General Richard Eckstrom, who is not a member of Haley’s Cabinet but attended its meeting, said he only would fire a supervisor if he or she were negligent or played a hand in a security breach.
Haley shrugged off Eckstrom’s comments. “He has his agency (to run) and I have my Cabinet,” Haley said. As a constitutional officer, Eckstrom does not report to Haley.
Later, Haley added she hopes the former employee of the Department of Health and Human Services who is accused of gathering names, phone numbers, addresses, birthdates and Medicaid ID numbers, and sending them to his personal email account, gets a stiff penalty.
“I told (SLED Chief Mark Keel) to slam him to the wall. Do whatever we can to make an example of him,” Haley said.
Keel said Monday the investigation is ongoing.
In the Health and Human Services case, no external monitoring system would have picked up on the breach, said agency director Tony Keck, adding state employees inappropriately using information pose a greater threat than external hackers.
Letters have been sent to affected Medicaid beneficiaries, warning their person information has been compromised. A radio and print awareness campaign is also planned, Keck said. The agency will begin a security and technology audit next week.