wexwimpy
September 30th 04, 08:46 PM
Breach put foster kids' files on Web
For months, the confidential records of thousands of Central Florida
foster children were but a click away for those with Internet access.
BY CAROL MARBIN MILLER
Confidential child-abuse and foster-care records for nearly 4,000
Central Florida children have been available to anyone with Internet
access through a gaping security breach in a child welfare computer
system that has ties to a former social services chief.
The files -- including the names of foster children, birth dates,
Social Security numbers, photographs and case histories -- were
accessible at the website of Kids Central, a privately run child
welfare agency in Central Florida. The online records even provided
directions and maps to children's foster homes.
The Department of Children & Families, which oversees Kids Central
under contract, ordered the website taken down Wednesday morning after
being alerted to the breach by The Herald.
"Oh, my gosh; who in the world is responsible for monitoring this
kind of stuff?" asked Chelly Schembera, a retired 30-year DCF
child-welfare administrator who served as interim district chief in
Miami two years ago. "This is a gross violation of confidentiality,
and it compromises the integrity of the entire system."
Agency critics have expressed concerns in the past over the security
of children's records. In June 2002, a Tampa television reporter
bought 50 boxes of sensitive DCF client records at an auction for $5.
The files were in boxes marked "shred."
There is no evidence that any child was harmed as a result of the
problem.
Kids Central began phasing in the computer system, called CoBRIS,
around April or May. It is designed to let private child protection
workers link up with the state's child welfare computer system from
wherever they are, using the Internet.
And it did. But the system was vulnerable to others as well. Here's
how:
At some point, computer help desk officials posted on the website a
"help" link for people who were having trouble with the system.
Since many problems were similar, they allowed access to all previous
help requests right on the Internet. No password was needed to read
the help requests -- or the detailed responses that followed.
HELP REQUESTS
Many of the help requests came from caseworkers who were having
trouble gaining access to the state's computer system, called
HomeSafenet. And some of the replies included specific log-in
identities, along with a password the caseworker could use.
Anyone with a home computer and Internet access could then log into
the Central Florida DCF system using the identities and passwords that
were provided. Once inside, the system offered access to child-abuse
histories, public-assistance records, caseworker notes and reports
from home visits for all 3,966 children in Kids Central's care.
Confidential information was available without logging into the
system. Several of the help requests contained the names of foster
children, such as requests to correct records or to report glitches
with the state's database.
The Kids Central website was taken down early Wednesday after DCF was
alerted to the problem, said Janice Johnson, chief executive officer
of Kids Central, which provides child welfare services in Hernando,
Citrus, Marion, Lake and Sumter counties.
"We take very, very seriously the confidentiality of client
information; it is paramount to what we do," Johnson said Wednesday.
"We have already made changes. We are resetting every password, and
we are changing the process by which we give out passwords.
"We are making sure that our information is protected and that this
never happens again," Johnson added.
Said Don Thomas, DCF's top administrator in the five-county district:
"We have taken immediate action when it became apparent there was a
flaw."
CoBRIS, which stands for Community Based Resource Information System,
is being developed by a Tallahassee company, Edmetrics, that was
founded by former DCF Secretary James Bax. A company official said
previously that Bax sold his stake in the company early this year.
The 3-year-old company had no social service technology experience.
Bax was friendly with Ben Harris, DCF's former information chief who
helped shepherd the CoBRIS project with DCF and a coalition of private
providers. Harris resigned in July upon the release of a blistering
inspector general's report detailing widespread influence-peddling and
cronyism.
$528,000 YEARLY
Edmetrics stands to make $250,000 developing CoBRIS, and could earn
$440,000 installing the technology statewide among 22 private
child-welfare agencies, called community-based care providers, or
CBCs. The company also could earn as much as $528,000 in yearly
maintenance fees.
Officials at Edmetrics could not be reached for comment Wednesday.
"There's too much distance between the people who are supposed to be
taking care of the kids and any accountability," said Karen Gievers,
a longtime child advocate in Tallahassee. "There are a lot of
individual contracts, and it's impossible to keep track of them all.
No one is monitoring to make sure the rights of children are protected
in this process."
http://www.miami.com/mld/miamiherald/news/state/9796842.htm?1c
Defend your civil liberties! Get information at http://www.aclu.org, become a member at http://www.aclu.org/join and get active at http://www.aclu.org/action.