The department’s vital records system received unauthorized changes to the internal site, resulting in the system being taken down for six days late last month.
Pennsylvania’s Department of Health took its vital records system offline for six days late last month, after unauthorized cosmetic changes were made to the internal site by someone familiar with the system.
The changes were discovered by an employee, who reported it to the state’s information technology department, Daniel Egan, press secretary at the Pennsylvania Office of Administration, told Government Technology.
As a result, the department’s vital records system was taken offline on June 20 for emergency maintenance and resumed on June 26. During this time, the vital records system was not able to process requests for copies of records, nor report new births or deaths, Egan said.
The Office of Administration investigated the issue, finding no data breach occurred and that no records had been viewed, altered, created or deleted, according to a statement from the agency.
If the records had been compromised, Pennsylvania would have been required to notify affected individuals in accordance with state and federal laws, the Office of Administration noted in its statement, adding that it is working with law enforcement on the case.
Egan declined to comment on how the site sustained unauthorized cosmetic changes and what mitigation efforts have since been deployed.
“To disclose to the public information about our security posture … would not be responsible,” he said.