Electronic student info vulnerable to cyberattack, says AG
AG staff able to exploit system weakness in order to gain access to sensitive information
Nova Scotia's acting auditor general says an electronic student information system does not fully protect the confidentiality of sensitive personal information, including grades and medical information.
Alan Horgan says in a report today that his staff exploited security weaknesses to gain access to the iNSchool system, which also lists health card numbers and home addresses.
Horgan says there is a serious risk that someone could make unauthorized changes to the data and student safety could be compromised.
The acting auditor general says the iNSchool project team has already fixed the most critical security issues, but the report says a privacy assessment has yet to be completed.
There are intrusion-detection systems and firewalls in place, but Horgan says they could be improved and the report makes nine recommendations to enhance security.
Horgan says the Education Department and school boards should enforce strong passwords and account settings, track all requests for access and develop a disaster recovery plan.