After a quiet June, July began with an uptick in the number of IT snafus, snarls and hitches. We start off with a “programming error” that led to the personal information on nearly two hundred thousand Indiana citizens potentially being sent to the wrong people.
Indiana Family and Social Services Recipients’ Information Inadvertently Disclosed
Last week, the Indiana Family and Social Services Administration (FSSA) announced that the personal information of up to 187 533 clients may have been accidentally disclosed to unauthorized individuals by a “computer programming error” in a document management system that supports the FSSA. According to the FSSA announcement, the error which was made by its contractor, RCR Technology Corporation, “caused an undetermined number of documents being sent to clients to be duplicated and also inserted with documents sent to other clients.”
The type of information mistakenly sent included, “name, address, case number, date of birth, gender, race, telephone number, email address, types of benefits received, monthly benefit amount, employer information, some financial information such as monthly income and expenses, bank balances and other assets, and certain medical information such as provider name, whether the client receives disability benefits and medical status or condition, and certain information about the client’s household members like name, gender and date of birth.” Social security information on another 3 926 recipients may have also been mistakenly sent to the wrong people, the FSSA said.
The FSAA said that because the way its correspondence is printed and mailed, it can’t figure out exactly how many of its clients had their personal information accidentally disclosed. As of last week, it knows of at least 14 of its clients have reported receiving information that wasn’t theirs, the AP reported. The FSSA is telling anyone who receives someone else’s information should turn it into a local FSSA office or shred it.
While the programming error happened on 6 April, it wasn’t discovered until 10 May; the error was finally fixed on 21 May. When the FSSA was asked why the information wasn’t disclosed until 1 July, it tried to pass the buck to the Indiana’s Attorney General’s office which the FSAA said had to be involved with any disclosure and proposed solution.
The FSSA, along with the contractor RCR, has apologized and is promising to take step to ensure the problem doesn’t happen again. Apparently, this is all FSSA clients can expect in this case, for Indiana has decided to forego paying for a year of credit monitoring for its FSSA’s clients, which has become standard in these types of disclosure situations . Instead, Indiana has “advised” FSSA clients regarding how they can protect themselves from identity theft that might result from the state’s error.
No doubt FSSA clients, among the poorest in the state, greatly appreciate the sage advice.
Victoria’s Emergency Dispatch System Goes Down for Third Time in Two Months
It looks like New York City isn’t the only one having trouble with an emergency dispatch system. According to the Age, a software-related problem with Ambulance Victoria’s computer aided dispatch system caused the Australian state’s ambulance services to be “plunged into chaos” last Friday night at around 7:40 pm local time. It was another three hours before operations returned to normal. While the Ambulance Victoria was able to switch to its manual back-up systems, some ambulances were delayed for as long as 45 minutes instead of the allowed 90 seconds before being dispatched, an AAP story reported.
The Age reported that Emergency Services Telecommunications Authority corporate affairs manager Rosie Mullaly explained the dispatch system had been experiencing “some slowness and lagging” Friday evening, and so a decision was made to go to the manual back-up system until “the issue could be resolved.” Mullaly said that problem was with “a secondary software system” that was seemingly interfering with the operations of the emergency dispatch system.
Victorian Health Minister David Davis in a bit of understatement called the latest emergency dispatch system problem, the third in the past two months, “not ideal,” but promised to look into the situation. Davis didn’t provide any deadline for when the investigation would be finished, however.
Detroit, Michigan’s new Police Chief James Craig was more forthright in expressing his displeasure with his city’s emergency service failure that coincidentally also happened on Friday. ABC News Station WXYZ in Detroit reported that around 5:30 am Friday morning, the “radio system used for communication between 911 dispatchers and Detroit's police, fire and EMS crews” failed and for some unknown reason the back-up communication system also failed to operate properly. The city had to use the Michigan State Police communication system as a back-up.
Craig said he was “appalled” by the failure of the redundant radio system, especially since Detroit had a maintenance contract with Motorola, the radio system vendor, to ensure that such a failure wouldn’t occur. Apparently, periodic tests to ensure the back-up system would work in the event of a failure of the main radio system were not being performed. Craig stately flatly in a news conference that “this will not happen again;” at the time he was “flanked by a representative of Motorola,” WXYZ reported.
As of today, it is still unclear whether Detroit’s main radio system is back-up and operating normally or whether the city is still depending on the Michigan State Police radio system.
More Chrysler Automation Related Recalls
After recalling some 460 000 vehicles for software-related issues last month, Chrysler announced a recall of 840 000 vehicles, Reuters reported last Wednesday.
Reuters says that Chrysler issued five separate recalls covering 490 000 cars and SUVs for an active‐restraint head rest issue, and another 282 000 minivans for possible malfunction involving air bags. The reason for the active-restraint head rest recall is because of “potentially faulty microcomputer components for head rests that are designed to move forward during rear‐end crashes.” Reuters quotes Chrysler as stating that, “The potentially faulty microcontrollers were installed in a supplied component. They entered the supply chain after the 2011 earthquake and tsunami in Japan caused a worldwide microcontroller shortage.” TRW Automotive Holdings was the supplier of the microcontroller, Chrysler said.
The microcontroller recall includes 2011‐2013 Chrysler Sebring, Chrysler 200, Dodge Avenger and Jeep Liberty vehicles, as well as 2011‐2012 Dodge Nitro SUVs, Reuters states.
The air bag recall involves 2013 model year Chrysler minivans. In this case, “a side air bag software component was not programmed properly, which could affect proper deployment,” Reuters stated. Apparently, the wrong side air bag can deploy in a crash.
In addition, 69 000 2013 Ram 1500 pickup trucks with all-wheel drive were also recalled by Chrysler because of a potential electronic stability control software issue. Dealers were reporting that the electronic stability control lamp was illuminating, indicating the system was off when it wasn’t.
Chrysler wasn’t alone in announcing an automation-related recall last week. Toyota announced that it was recalling 185 000 vehicles world-wide “due to a faulty computer system in the power steering,” the Wall Street Journal reported. The WSJ stated that 109 000 Vitz compacts (aka the Yaris in overseas markets) made between November 2010 and March 2012, as well as 65 000 Ractis compacts (aka the Verso-S) made between August 2010 and August 2011 are being recalled. Another 11 000 Ractis compacts that are made for Fuji Heavy Industries and are sold by Fuji under the Subaru Trezia model name are being recalled, too.
Got all that?
Also of Interest…
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.