Safeguarding Sensitive Data
in State and Local Governments
Advancing Cybersecurity with the Informatica Solution for Data Privacy
This document contains Confidential, Proprietary and Trade Secret Information (“Confidential
Information”) of Informatica Corporation and may not be copied, distributed, duplicated, or otherwise
reproduced in any manner without the prior written consent of Informatica.
While every attempt has been made to ensure that the information in this document is accurate and complete, some typographical errors or technical inaccuracies may exist. Informatica does not accept responsibility for any kind of loss resulting from the use of information contained in this document. The information contained in this document is subject to change without notice.
The incorporation of the product attributes discussed in these materials into any release or upgrade of any Informatica software product—as well as the timing of any such release or upgrade—is at the sole discretion of Informatica.
Protected by one or more of the following U.S. Patents: 6,032,158; 5,794,246; 6,014,670; 6,339,775;
6,044,374; 6,208,990; 6,208,990; 6,850,947; 6,895,471; or by the following pending U.S. Patents:
09/644,280; 10/966,046; 10/727,700.
This edition published March 2013
White Paper
Table of Contents
Executive Summary
Data Privacy: Challenges and Trends
  Revenue Agencies—Perforated with Privacy Weaknesses
  Education—SLDSs Raise the Stakes on Student Privacy
  Health and Human Services—MAGI Muddies the Privacy Waters
  Healthcare—HIPAA Implements Privacy Rules
  Government-Wide Social Security Number Remediation
Data Breach in the Public Sector: A Case Study
Acknowledging Insider Threats
  Exposure in Nonproduction Environments: Test and Development
  Exposure in Production Environments: DBAs and Privileged Users
Executive Summary
More than 94 million citizens’ records, under the care of government agencies, are estimated to have been lost or breached since 2009.[1] The effects of this loss are profound. The average cost to the government of a data breach has been estimated at $5.5 million or $194 per individual record.[2] In addition to these high costs, data breaches and cyberattacks also affect citizens directly. The unauthorized use or misuse of personally identifiable information can impact an individual’s ability to get a job, secure a loan, pay for education, obtain insurance, defend against identity theft, or benefit from public programs. Citizens need to know that they can trust public organizations with their personal information, but each new high-profile public data breach or negative watchdog report shakes that faith.
As public sector organizations face unprecedented risk from cyberattacks and high costs from data breaches, the focus on protecting sensitive and personally identifiable information is quickly becoming a priority for agency and state CIOs and CISOs. On this issue, Brenda L. Decker, NASCIO President and CIO, State of Nebraska, has stated:
This white paper discusses the challenges to securing information in state and local government organizations, outlines common sources of vulnerability, and illustrates with a case study an example of an increasingly common data breach. It discusses the effectiveness and versatility of data masking—both traditional, persistent data masking and the newer, breakthrough technology of dynamic data masking—in addressing the data privacy requirements of the public sector. It also examines the pros and cons of complementary data protection techniques, such as encryption and database activity monitoring, and how they can be used alongside data masking software to provide optimal protection in specific scenarios. Finally, the paper outlines what to look for in a data privacy solution and advocates implementing Informatica® data masking products to achieve robust, transparent, and cost-effective data privacy.
Data Privacy: Challenges and Trends
Entrusted with the many aspects of safety and security of the public, government agencies must consistently demonstrate the ability to be sound financial stewards and rigorous defenders of sensitive data or personally identifiable information (PII). Some state and local government agencies have made major investments and significant strides in securing their systems against data breaches and cyberattacks, making it a top priority. But only 14 percent of state CISOs have reported feeling that they receive the appropriate executive commitment and adequate funding for cybersecurity.[4] In addition, securing data is becoming an increasingly daunting challenge because of vulnerabilities that remain.
Below are five of the top data privacy challenges and trends affecting state and local governments.
Revenue Agencies—Perforated with Privacy Weaknesses
According to IRS Publication 1075, “The public must have and maintain a high degree of confidence that the personal and financial information furnished to us is protected against unauthorized use, inspection or disclosure.” Yet a 2012 GAO report entitled Information Security: IRS Needs to Enhance Internal Control over Financial Reporting and Taxpayer Data states:
“Although IRS has made progress in correcting information security weaknesses that we have reported previously, many weaknesses have not been corrected and we identified many new weaknesses during fiscal year 2010. Specifically, 65 out of 88 previously reported weaknesses—about 74 percent—have not yet been corrected. In addition, we identified 37 new weaknesses. These weaknesses relate to access controls, configuration management, and segregation of duties.” Specific weaknesses include the “excessive access” given some internal users to systems by granting permissions beyond what they need to perform their jobs. Furthermore, the GAO has uncovered poor segregation-of-duty practices and determined that some devices were sending unencrypted data over the IRS Network.
Ensuring the privacy of taxpayer data is not just a federal problem. In October 2012, the South Carolina Department of Revenue suffered a major privacy breach that compromised 3.6 million Social Security numbers and 387,000 payment card numbers, and exposed taxpayer address information as well. Most of the targeted data was unencrypted. In addition to the loss of taxpayer trust, the state is now paying for credit monitoring for individuals and businesses affected by the breach.
Education—SLDSs Raise the Stakes on Student Privacy
With the help of federal grants, many states across the country are implementing statewide longitudinal data systems (SLDSs) to capture and analyze student data from preschool through higher education to employment.
To qualify for a federal grant, an SLDS must ensure the confidentiality of student data according to the requirements of the Family Educational Rights and Privacy Act (FERPA), which protects individually identifiable information from being accessed without student permission. An SLDS is also subject to state privacy regulations. Consequently, states are under enormous pressure to ensure that no user or outside party can view individually identifiable data even as it is being aggregated and analyzed as part of an SLDS program.
Health and Human Services—MAGI Muddies the Privacy Waters
Needs- and contribution-based public programs, including cash and food assistance, medical assistance, and unemployment insurance, are fraught with data privacy challenges. Even within a single eligibility system for multiple types of assistance (e.g., cash, food, medical), the sharing of data is prohibited by law and subject to prosecution.
The use of modified adjusted gross income (MAGI) data by health insurance exchanges (HIX) throws this issue into high relief. With the advent of the Affordable Care Act, states are able to use MAGI data obtained from the IRS to determine eligibility for health insurance and Medicaid. But the IRS prohibits the use of this data for other state-administered programs outside of HIX. This means that HIX organizations will possess sensitive MAGI data, but only in order to determine health insurance eligibility. They are required to hide or mask that data so that other organizations may see eligibility results but not the data used to determine those results.
Healthcare—HIPAA Implements Privacy Rules
With the passing of the Health Insurance Portability and Accountability Act (HIPAA), standardized privacy rules were applied to all government healthcare organizations, including such programs as Medicare and Medicaid, Tricare, Military Health, and Veterans Insurance. One of the HIPAA privacy rules calls for “minimum necessary” use and disclosure of protected health information (PHI). It mandates that policies and technologies be implemented to hide, protect, or mask any individually identifiable health information that’s not otherwise required to fulfill a specific purpose or request.
Government-Wide Social Security Number Remediation
Government organizations with a broad range of functions—revenue, benefits, healthcare, and security to name a few—have relied on Social Security numbers (SSNs) as a unique identifier in their systems for years. In recent years, agencies have implemented extensive remediation initiatives to remove SSNs as the prime identifier or key. But they widely report that SSNs continue to be collected and stored without a thorough understanding of the business requirements for that data. A comprehensive SSN remediation program must be part of an overall governance plan that includes removing and securing personally identifiable information, including SSNs, and a process review of all systems to determine the actual business requirements of SSNs.
Data Breach in the Public Sector: A Case Study
In 2012, one state experienced two data breaches, each of which exposed personally identifiable information in a different way. The first occurred from inside the organization when an employee transferred the information of more than 225,000 Medicaid beneficiaries to a personal email account.
The second breach was far more sophisticated and caused by an external cyberattack. This breach exposed information on 3.8 million taxpayers, including SSNs and bank account data, and resulted in a staggering $14 million cost to the state, the resignation of at least one high-ranking government official, and immeasurable damage to public trust.
Although the breach was not the deliberate result of an internal employee’s actions, it involved an email with an embedded link to a malicious Web site that was sent to Department of Revenue employees. Upon clicking the link, a user would inadvertently launch malware that enabled the attacker to steal the user’s username and password, granting the attacker access to that machine. About one month after this initial attack, the attacker found personally identifiable information in a database backup and then copied the file to an internal server, breaching a significant amount of private information.