Over 181,000 MEDICAID/CHIP enrollees have had their personal information stolen and 25,000 of those people had their Social Security numbers (SSNs) compromised after the Utah Department of Health was hacked. The hackers are believed to be residing in Eastern Europe and attacked the agency's system on March 30, 2012.
What is particularly threatening about this attack is the fact that the stolen records included personal information including client names, addresses, birth dates, SSNs, physician’s names, national provider identifiers, addresses, tax identification numbers, and procedure codes designed for billing purposes.
How were these hackers able to access such sensitive information?
Utah's Department of Technology Services (DTS) recently moved the claims records to a new server that was susceptible due to a configuration error at the authentication level. This allowed hackers to get around the security system and steal the sensitive information.
The hack necessitates all Medicaid clients to carefully monitor their credit and bank accounts. The 25,000 people whose SSN's were stolen will receive free credit monitoring services for a year. But will this be enough to protect people?
Michael Hales, Deputy Director of the Utah Department of Health responded to the breach by saying, “We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised. But we also hope they understand we are doing everything we can to protect them from further harm.”
DTS has implemented new procedures to ensure that this type of breach will never happen again. Additional steps are being implemented to improve security controls related to the implementation of computer hardware and software, as well as increased network monitoring and intrusion detection capabilities.