
Press Release: Audit Shows Department of Transitional Assistance Must Do More to Protect Sensitive Client Data

Auditors found DTA had not tested incident response plans and had not fully assessed the IT vulnerabilities facing third-party vendors that have access to personally identifiable information
For immediate release: 1/06/2020
  • Office of the State Auditor

Media Contact: Noah Futterman


Boston - State Auditor Suzanne M. Bump is calling on the Massachusetts Department of Transitional Assistance (DTA) to take steps to protect sensitive data about program participants and ensure it is prepared to confront cyberthreats. The audit, which examined the period from July 1, 2018 through June 30, 2019, comes on the heels of an audit of the Department of Revenue that found similar issues.

“The Department of Transitional Assistance provides critical support to some of our state’s most vulnerable low-income residents. However, inappropriate disclosure of sensitive information about these clients could make their already difficult situations much worse. DTA must do more to protect this information,” Bump said. “I’m encouraged by its responses and hope it takes swift action to fully implement our audit recommendations.”

The audit found DTA was not adequately protecting sensitive data from inappropriate access. Auditors found the agency did not revoke terminated employees’ access to its primary database used to determine client eligibility for assistance. Some employees continued to have access to the system for more than three weeks after they were terminated.

Additionally, the audit notes DTA had not fully assessed the IT vulnerabilities facing third-party vendors that have access to personally identifiable information (PII), such as Social Security numbers. It also had not tested its plans to respond to IT security incidents. The failure to develop these plans and assess these risks increases the likelihood that sensitive data could be inappropriately accessed or disclosed.

In its responses included in the audit, DTA indicated it was working with the Executive Office of Technology Services and Security (EOTSS) to take steps to address the issues identified by Bump. The audit also notes the agency has in place training programs related to the protection of PII.

The audit released to the public is abridged because of the sensitivity of the information contained in the full audit. Consistent with government auditing standards and the Massachusetts public records law, only the DTA will receive a full, unabridged copy of the report.

DTA is an agency within the Executive Office of Health and Human Services. It administers programs that provide assistance to low-income individuals and families, including the Supplemental Nutrition Assistance Program (SNAP), Transitional Aid to Families with Dependent Children (TAFDC), Emergency Aid to the Elderly, Disabled and Children (EAEDC) and Supplemental Security Income (SSI). It had approximately 1,630 employees during fiscal year 2019.

The audit report is available here.

###

  • Office of the State Auditor 

    The Office of State Auditor Suzanne M. Bump (OSA) conducts audits, investigations, and studies to promote accountability and transparency, improve performance, and make government work better.