Hackers steal medical records on 181,000 from Utah server

Hackers apparently operating in Eastern Europe broke into a Utah Department of Technology Services server used to store medical data and stole personal information on 181,604 people, the state’s Department of Health reported.

The attack, which took place March 30, netted information on Medicaid and Children’s Health Insurance Plan recipients, UDOH said in an update on the breach. About 25,000 of those recipients had their Social Security numbers compromised.

The department initially reported the breach April 4, saying that information on about 24,000 Medicaid recipients had been taken. In the more recent update, it said its investigation showed that CHIP recipient data also had been taken.

Related stories:

Best defense? Start by admitting hackers will get in anyway.

To hackers, government users are phish in a barrel

The Department of Technology Services said it at first appeared that the hackers took 24,000 claims, but in fact they removed 24,000 files, each one of which can contain information on hundreds of individuals. DTS said the hackers appeared to be operating out of Eastern Europe but provided no further details.

DTS said the hackers took advantage of a configuration error at the authentication level of the server’s multilayer security system. The department has identified the breakdown and implemented corrective measures, and it is taking steps to improve its hardware and software security, according to the state’s announcement.

UDOH said it will begin contacting the people involved, starting with those whose Social Security numbers may have been compromised. They’ll get a letter with instructions on how to take advantage of free credit monitoring for a year. Others will receive instructions on how to protect themselves, UDOH said.

Recipients who have online access to their information via a My Case account with the state also will receive an e-mail notification and will have information on the breach posted to their accounts.

"We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised," UDOH Deputy Director Michael Hales said in the department’s announcement. "But we also hope they understand we are doing everything we can to protect them from further harm."

UHOH and DTS are continuing their investigation and said they will continue to issue updates. Medicaid clients can call 1-800-662-9651 to get more information on how to protect themselves and their identities.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected