Orange County Transit Authority bus. Photo by John Schreiber.

Orange County is “in the forefront of cybersecurity defense” despite hacks in the past year of the Orange County Transportation Authority and CalOptima, the insurance agency for the poor, according to a Grand Jury report released Thursday.

Orange County grand jury report on digital data safety. (PDF)
The cyber attack last year on OCTA, which led to a ransom demand from the hackers, cost taxpayers about $700,000 to “recover data and restore systems,” according to the grand jury report.

CalOptima sustained a breach last year with hackers accessing member names, “demographic information, Social Security numbers and other health plan details of about 56,000 CalOptima members,” according to the report.

In addition, “Several Orange County government departments reported multiple sensitive privacy information breaches in 2016,” the report found. “The majority were fraudulent email incidents, all of which were contained. There were nine reported incidents involving county systems in 2015 and the first half of 2016.”

The grand jury concluded that the Orange County Board of Supervisors has a “heightened awareness of cybersecurity threats” following the OCTA hack.

“County executives are leading efforts to provide centralized support for countywide cybersecurity efforts and, with other county leaders, recognize the sensitivity and vulnerability of the digital information the county manages,” the grand jury reported.

County employees recently underwent “awareness training” of cyber threats, according to the report.

“The county has taken a number of steps to safeguard its digital data and systems against cyber attack, but there are a number of actions generally recognized as cybersecurity best practices that still need to be implemented,” the report states.

The grand jury also found that technical experts “across county government are largely untrained and uncertified in cybersecurity, especially at the agency level.”

Hiring cybersecurity experts is “challenging due to outdated county cybersecurity job classifications and salary levels, as well as lengthy county hiring processes, particularly for those agencies requiring extensive background checks,” according to the grand jury.

The grand jury recommended a “periodic cybersecurity audit schedule for all third-party vendors that connect to county networks and systems” by the end of the year.

The grand jury also wants the county to “develop a five-year cybersecurity strategic plan as a separate part of the IT Strategic Plan.”

The grand jury also recommended an upgrade in “IT job classifications and salary levels to reflect the current job market” over the next year.

— City News Service

Leave a comment

Your email address will not be published. Required fields are marked *