Request a Demo
Request A Demo
+1.216.765.7100
close

EHSvoice

Dakota Software's Blog for EHS and Sustainability Professionals

OSHA's online incident reporting application breached

September 5th, 2017 by Dakota Software Staff

OSHA's online incident reporting application breached

On August 14, the U.S. Department of Homeland Security notified OSHA of a breach of security on its recently activated online incident reporting page.

According to Bloomberg BNA, Homeland Security reported some electronically submitted company information was potentially compromised and as a result, OSHA shut the application portal down on August 16.

"One company appears to have been affected and that company has been notified of the issue," a DOL official told Bloomberg.

The company whose information was tampered with was not named by the DOL representative.

"While we do not know the details of the security incident or what company information was compromised, it is unsettling for employers that a security incident occurred that was significant enough that it required the site to be shut down," said Lillian Moon, an Orlando attorney, to the Society for Human Resource Management.

Complicated situation for regulation some saw as risky

As previously reported, the Injury Tracking Application system officially went live on August 1 and was built to allow applicable companies to submit their 2016 illness and incident records online.

The health and safety compliance was proposed in 2016 during the Obama administration but was cut following President Donald Trump's election. It was eventually reinstated and in its first phase of implementation, only generic information was required.

Moon told the SHRM that, beginning in July 2018, the information requested through Forms 300, 301 and 300A will be more personal and specific; things like employee names, addresses, job titles and health care providers will all be called for.

"OSHA has promised to scrub personal identifiers from this information, but a data breach could expose such information residing in OSHA's database," said Matthew Deffebach, a Houston-based attorney, to SHRM.

He noted that the recent data breach makes OSHA's ability to protect user data by removing it from places where it's vulnerable a questionable manner.

The ITA website has since been reactivated but there is no word on what measures were taken to prevent future attacks.

Deborah Berkowitz, former OSHA chief of staff during the Obama Administration and current senior fellow at D.C.'s National Employment Law Project, has confidence in the safety organization's ability to guard information.

She told SHRM that the agency has gathered and safely preserved sensitive employer and employee data for decades and that she has "complete faith" they will continue to do so.

Berkowitz said without such precise data, OSHA would not be able to properly assess which industries and companies pose the greatest risks to employee safety, and enforce regulation accordingly.

It is unclear what the Trump administration will do in light of the recent data breech.

Be Part of the Solution

Sign up for the Dakota EHS e-Newsletter for monthly updates from our regulatory and industry experts.

subscribe