Skip to main content

OSHA Fears Breach, Shuts Down Injury Tracking App

By August 29, 2017March 11th, 2019No Comments

Less than one month after its launch, the U.S. Occupational Safety and Health Administration (OSHA) has suspended user access to its Injury Tracking Application (ITA) due to a security breach.

OSHA launched the application on Aug. 1 to allow employers to submit required injury and illness data electronically.  On Aug. 14, the U.S. Computer Emergency Readiness Team in the Department of Homeland Security contacted the agency to inform it of a potential compromise of user information, according to an OSHA spokesperson.

In an emailed statement, OSHA said that one company has been affected by the breach, and it has been notified of the issue. OSHA is temporarily suspending access to the ITA as it works with its system developer to determine the extent of the problem. OSHA’s tracking website currently states, “Alert: Due to technical difficulties with the website, some pages are temporarily unavailable.”

Although the electronic reporting rule initially required certain employers to start submitting their required information by July 1, 2017, the ITA website was not yet ready to receive electronic reports, and OSHA proposed Dec. 1, 2017, as the new deadline.

The final reporting requirements will be phased in over two years. After the 2017 requirement, establishments with 250 or more employees must submit information from all forms (Forms 300A, 300 and 301) by July 1, 2018. Beginning in 2019 and every year thereafter, the information must be submitted by March 2. Establishments with 20-249 employees in certain high-risk industries will also have the same requirements. Some of those industries include the following:
• Construction
• Utilities
• Support activities for air, rail, road and water transportation
• Equipment rental and leasing

Update: Monday, Aug. 28, the app was reactivated. It is not yet clear whether the breach will affect the Dec. 1 deadline. Many Conservation United advisors are encouraging clients to avoid reporting their data electronically until closer to that date, assuming OSHA is confident in its security. Nonetheless, affected establishments should monitor these developments, and continue to record and report workplace injuries as required by law.