Near the end of 2017, hackers attacked the website of the Federal Motor Carrier Safety Administration (FMCSA).
The hack targeted the part of the website that drivers use to find DOT-certified medical examiners. Drivers need to connect with these examiners in order to obtain or renew their CDL medical certifications.
Five months later, the site still isn’t fully functional. What’s going on?
Overall, the FMCSA has remained mum on what exactly occurred. What we do know is that the hack happened on December 1, 2017 and knocked the website offline. The FMCSA tried to get the site back up on December 15. But the agency determined that security holes were still making the site vulnerable. So the agency made the decision to take the system offline.
Unfortunately, the medical examiners database contains sensitive information on the 58,000 examiners registered with the system. It also contains information on exams administered to truck drivers.
The U.S. Department of Transportation therefore made the decision to conduct a privacy impact assessment. Their goal was to determine if hackers had obtained personal information on either medical examiners or drivers.
The result? “There was no evidence of exposure of the personal information of drivers, medical examiners or motor carrier operators,” the agency said in a statement.
Overall, though, the agency has released little public information about the hack. Shortly after the attack, the agency posted a message on its registry site. It read, The National Registry of Certified Medical Examiners website is currently down. FMCSA IT Support is aware of the issue and is working on a solution to remedy the situation.
As of April 3, 2018, the agency changed the statement to read, The National Registry website is currently under construction with limited functionality.
The continued outage of the registry is now interfering with new safety rules.
In June of 2018, a new FMCSA rule was supposed to go into effect. It would have freed drivers from the obligation to carry their paper medical certifications with them.
Instead of providing drivers with paper certifications, medical examiners were supposed to electronically transit medical exam results to state licensing agencies.
However, with the medical examiners registry still down five months after the hack, the FMCSA was forced to push back the electronic certification rule – from June 2018 to June 2021.
The agency admitted that “an incident that occurred in early December 2017” caused interruptions to the new electronic transmission process. The agency then “reluctantly concluded” that it would be unable to start electronically transmitting drivers’ medical examiner certifications on time.
In the meantime, examiners must continue issuing paper medical certifications to drivers, and drivers must still provide their license-issuing state with a paper medical certificate.
Sources: FMCSA.gov, TT News, Overdrive Online, NRCME Training Online, CCJ Digital