Security Warning for RI Treasury Unaddressed - Blame Put on Legislature

Security Warning for RI Treasury Unaddressed - Blame Put on Legislature

According to a Rhode Island General Auditor’s report, the Rhode Island Treasury has a significant vulnerability in its technology security structure.

The most recent Auditor's report for the fiscal year ending on June 30, 2023, states:

“The Treasury lacks dedicated internal audit and information system (IS) security functions common in most state Treasury operations to ensure that financial and IS security controls are in place and operating effectively.”

GET THE LATEST BREAKING NEWS HERE -- SIGN UP FOR GOLOCAL FREE DAILY EBLAST

 

 

Blame on the General Assembly

In response to questions, General Treasurer James Diossa's office said they are working on the issue but also pushed some of the blame on the Rhode Island General Assembly.

Diossa’s office said that they had repeatedly requested additional staffing to address

“The Auditor General's 2023 report included a management comment recommending the implementation of an internal audit function and the determination of necessary resources, personnel, or contract to implement that function. This was not a finding. ERSRI has completed a request for proposals for qualified firms to provide internal audit functions. We anticipate issuing that RFP in January of 2025,” said Diossa’s office on Tuesday night in an email to GoLocal.

“The report also referenced information systems security functions and controls. Treasury has, for the past several budget cycles, requested an additional FTE to address IS and cyber security matters. We have included this request in this year's budget proposal as well. In the meantime, we have contracted with outside cyber security providers and adhered to all standard security protocols,” added Diossa’s office.

This unaddressed security lapse was flagged by businessman Ken Block and was published in a Guest MINDSETTER™ published on GoLocal.

Presently, Rhode Island's social service and healthcare technology infrastructure has been attacked by cybercriminals. The Auditor General's warnings about technology security vulnerabilities went unaddressed by Governor Dan McKee's administration.