News Stay informed about the latest enterprise technology news and product updates.

Server hacked -- Medicaid data breach affects 780,000 individuals

An estimated 780,000 people in the state of Utah have been affected by a recent Medicaid data breach, according to the FAQ document published by the Utah Department of Technology Services (DTS) and the Utah Department of Health (UDOH).

The data breach occurred on March 30, 2012 when computer hackers gained access to a Utah Department of Technology Services (DTS) computer server that stores Medicaid and CHIP claims data. Not all victims were Medicaid recipients — some could be patients whose information was sent to the state as part of a “Medicaid Eligibility Inquiry” to determine their Medicaid status.

The initial announcement on April 4 stated that approximately 24,000 claims were accessed during the breach, but as the investigation began, the number of individuals affected grew immensely. As of April 9, Utah DTS and UDOH officials believe that approximately 280,000 victims had their Social Security numbers stolen and approximately 500,000 other victims had less-sensitive personal information stolen. Utah DTS is giving one year of free credit monitoring services to victims who had their SSNs stolen.

Hackers were able to access the data “due to an error on the server at the password authentication level,” according to the FAQ. The FAQ also states that Utah DTS has security processes in place to prevent illegal server access, but the hacked server “was not configured according to normal procedure.”

This raises the question: What good are health care data security procedures if they are not being followed? Perhaps it was simply human error — maybe someone forgot to reset the default password, or checked off an incorrect box when configuring the settings — that left the server vulnerable to being hacked. Can data security procedures be tightened to account for the possibility of human error?

Utah’s DTS says it has “implemented new processes to ensure this type of breach will not happen again” and is taking additional steps “to improve security controls related to the implementation of computer hardware and software, as well as increased network monitoring and intrusion detection capabilities.”

Experts have predicted that health care data breaches will get worse before they get better, due to lax PHI security procedures. Utah’s Medicaid data breach reveals that even with security procedures in place, health care data remains vulnerable.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

#Medicaid #databreach leaves 280K in Utah vulnerable to #identifytheft 500K more had info stolen. Affects >1/4 of Utah.
Hacked! The latest #healthcare #databreach affects 780,000 people Server not configured properly #healthIT
RT @Steciw: Hacked! The latest #healthcare #databreach affects 780,000 people Server not configured properly. #HITsm
RT: SearchHealthIT: #Medicaid #databreach leaves 280K in Utah vulnerable to #identifytheft 500K more had info stolen...
#Medicaid #databreach affects 780,000 individuals: #HITsm
Sorry, 780K Utah Medicaid recipients. You've been hacked #HIPAA
RT @craigbyer: #Medicaid #databreach affects 780,000 individuals: #HITsm
Server hack attack — #Medicaid #databreach affects 780,000 individuals #HealthIT #HITsm #hcsm #HIPAA
RT @hitexchange: Server hack attack — #Medicaid #databreach affects 780,000 individuals #HealthIT #HITsm #hcsm #HIPAA
[...] On May 22, 2012, a Beth El Deaconess Medical Center (BIDMC) physician’s personal laptop containing patient information was stolen from his office, according to a BIDMC release. As data breaches go, the event’s impact was relatively low. The number of patients affected was smaller than in some recent breaches, including one in April at the Utah Department of Health, in which hackers made off with the personal data of about 800,000 Utah Medicaid patients. [...]
Medicare must see that it don't have any frauds as it is one of the sensible issue!