Hackers steal medical records on 181,000 from Utah server
- By Kevin McCaney
- Apr 09, 2012
Hackers apparently operating in Eastern Europe broke into a Utah
Department of Technology Services server used to store medical data and
stole personal information on 181,604 people, the state’s Department of
Health reported.
The attack, which took place March 30, netted information on Medicaid
and Children’s Health Insurance Plan recipients, UDOH said in an update on the breach. About 25,000 of those recipients had their Social Security numbers compromised.
The department initially reported the breach April
4, saying that information on about 24,000 Medicaid recipients had been
taken. In the more recent update, it said its investigation showed that
CHIP recipient data also had been taken.
Related stories:
Best defense? Start by admitting hackers will get in anyway.
To hackers, government users are phish in a barrel
The Department of Technology Services said it at first appeared that
the hackers took 24,000 claims, but in fact they removed 24,000 files,
each one of which can contain information on hundreds of individuals.
DTS said the hackers appeared to be operating out of Eastern Europe but
provided no further details.
DTS said the hackers took advantage of a configuration error at the
authentication level of the server’s multilayer security system. The
department has identified the breakdown and implemented corrective
measures, and it is taking steps to improve its hardware and software
security, according to the state’s announcement.
UDOH said it will begin contacting the people involved, starting with
those whose Social Security numbers may have been compromised. They’ll
get a letter with instructions on how to take advantage of free credit
monitoring for a year. Others will receive instructions on how to
protect themselves, UDOH said.
Recipients who have online access to their information via a My Case
account with the state also will receive an e-mail notification and will
have information on the breach posted to their accounts.
"We understand clients are worried about who may have accessed their
personal information, and that many of them feel violated by having
their information compromised," UDOH Deputy Director Michael Hales said
in the department’s announcement. "But we also hope they understand we
are doing everything we can to protect them from further harm."
UHOH and DTS are continuing their investigation and said they will
continue to issue updates. Medicaid clients can call 1-800-662-9651 to
get more information on how to protect themselves and their identities.
About the Author
Kevin McCaney is a former editor of Defense Systems and GCN.