Link to Owner Dr. Robert B. Pamplin Jr.



Christmas Day attack on the state's iLearn web program left thousands unable to access mandatory training.

PMG FILE PHOTO - An attempted cyber attack has thrown a roadblock into mandatory training for thousands of state employees.Thousands of state employees across dozens of Oregon agencies are awaiting the reinstatement of Oregon's online training system after a Christmas Day cyber attack forced the state Department of Administrative Services to pull down the website.

An unknown hacker was caught Christmas Day trying to exploit a previously unknown vulnerability in the state website, officials said. State cyber security systems detected and blunted the attempted breach.

PMG/EO MEDIA/SRNo information was compromised, but the training site was shut down until the state and the program vendor — Meridian Knowledge Solutions — can fix the vulnerability and ensure its security.

DAS Communications Director Elizabeth Craig said the agency expects to have the website back in operation by mid-January. Craig said the vendor had to design and then test the fix to be sure it didn't trigger other issues. "Once that fix was given to the state, we had to install it and perform our own testing to ensure the vulnerability has been addressed and that the application is working properly," she said.

But the outage, now going on two weeks, has thrown into disarray the training schedules of various state agencies.

According to Michael Beagen, state Department of Corrections training coordinator, more than 5,000 corrections employees and contractors are waiting to complete 17 online courses that were scheduled the last two weeks. An additional 21 courses for basic corrections training are currently unavailable, and the shutdown prevents the agency from submitting rosters for classroom trainings required to certify new corrections officers.

The agency was to be conducting in-service training this week that included a 12-hour block for online courses. Since the trainings were unavailable, security employees had to either use vacation time to await the training or return to work at their respective facilities.

"Due to the nature of our business, this is often the only time our security staff can complete the training online due to work assignments within our institutions," Beagen said. "This will have a prolonged impact, as a future relief factor will need to be implemented in order for those staff who were unable to complete their online training during their in-service week will need to be relieved from posts in order to do so."

Another 200 corrections employees couldn't finish a pair of courses that were mandatory for all state employees to complete by Dec. 31. The Department of Administrative Services initially extended that deadline to Jan. 7 and now has set a Jan. 31 date.

At the Oregon Health Authority, more than 4,000 full- and part-time employees are waiting to take four required training modules. Those trainings cover Oregon ethics law, public records, security and privacy awareness, as well as module for human resources and managers on domestic violence, harassment, sexual assault and stalking.

This email address is being protected from spambots. You need JavaScript enabled to view it.

You count on us to stay informed and we depend on you to fund our efforts. Quality local journalism takes time and money. Please support us to protect the future of community journalism.

Go to top
JSN Time 2 is designed by | powered by JSN Sun Framework