Potential security breach prompts suspension of OSHA’s new injury-tracking portal [UPDATED]

By: August 17th, 2017 Email This Post Print This Post

[Editor’s note: Access to OSHA’s data portal has been restored. See updates below.]

Just two weeks after its already-delayed launch, an online portal designed to collect data on worksite injuries has been suspended amid information security concerns.

Use of the portal, OSHA’s Injury Tracking Application (ITA), was supposed to become mandatory for certain employers on July 1, 2017, pursuant to the controversial electronic recordkeeping rule. But officials signaled back in May that they would be postponing the deadline, and they formally did so in June—giving the approximately 466,000 affected employers five additional months, until December, to begin using the application.

The ITA finally went live August 1, a full month after its original implementation date, as labor attorney Tressi L. Cordaro with Jackson Lewis P.C. noted Monday in a blog post. The ITA was suspended, however, on Tuesday after the Department of Homeland Security (DHS) notified the Department of Labor (DOL) that user information might have been compromised, Cordaro added Wednesday.

Those who tried accessing the portal Thursday morning were greeted with a message in red lettering: “Alert: Due to technical difficulties with the website, some pages are temporarily unavailable. To file a complaint with OSHA or to ask a safety and health question, call 1-800-321-6742 (OSHA).”

Bloomberg BNA’s Ben Penn reported Wednesday that a DOL official didn’t identify the one company involved in the potential breach. While the portal will eventually be used to collect detailed employee records, experts told Penn that the information currently being collected isn’t sensitive. That being said, the snafu could betray a level of unpreparedness in the ITA rollout.

“This agency has a lot of experience with doing this—and doing it right,” said Deborah Berkowitz, a senior fellow with the National Employment Law Project who served as OSHA chief of staff under former President Barack Obama, according to Penn’s report. “This is a brand new application, and because of the new administration, it was never tested.”

Berkowitz added that OSHA should take the time offered by this suspension to “get it right” and protect the database.

Representatives with DOL and OSHA contacted via email and telephone were not immediately available Thursday to answer questions about the suspension and possible breach.

Update (8/25/17): The application was back online as of Friday, August 25, 2017. I have requested additional details on what led to the outage and will publish what I find.

Update (8/28/17): An OSHA spokesperson said in an email that the National Information Technology Center conducted a scan and confirmed that none of the ITA data had been compromised. “As part of this review, the entire OSHA website was scanned and improvements implemented,” the spokesperson said. Public access to the portal was restored Friday, as OSHA continues its regular security monitoring processes.

 

Leave a Comment

*

« | Home | »

Subscribe - Get blog updates via e-mail

  • test
  • HCPro Broadcast Events Calendar

hcpro.com