
SecurityWeek


Breach at Utah Department of Health Worse Than Originally Thought

Utah Department of Health Suffers Data Breach Aimed at Medicaid


Update 04/09/12 – On Monday the Utah Department of Health made an additional update following publication of this story, saying that up to 255,000 additional people had their Social Security numbers listed in data stolen from a computer server last week, and as many as 350,000 additional people may have had other, less-sensitive information, such as their names, birth dates, and addresses, accessed through eligibility inquiries. It is now believed that a total of approximately 280,000 victims had their Social Security numbers stolen and approximately 500,000 other victims had less-sensitive personal information stolen.

Officials in Utah’s Department of Health (UDOH) alerted parents and patients on Friday to the fact that the data breach disclosed previously was much larger than initially reported. In all, some 181,604 people are affected by the security incident.

The attackers hit a server that stores Medicaid claims and Children’s Health Insurance Plan (CHIP) data. Typically, the UDOH notice explains, claims stored on servers like the one breached could include client names, addresses, birth dates, Social Security numbers, physician’s names, national provider identifiers, addresses, tax identification numbers, and procedure codes designed for billing purposes.

Initially, the Utah Department of Technology Services reported to the UDOH that the breach impacted 24,000 records. “However, as the investigation progressed, DTS determined the thieves actually removed 24,000 files. One single file can potentially contain claims information on hundreds of individuals,” the UDOH said in a statement.

Approximately 181,604 Medicaid and CHIP recipients had their personal information removed from the server, the UDOH clarified. Of those individuals, 25,096 appear to have had their Social Security numbers compromised.

Those impacted by the breach will receive letters explaining what they should do to protect themselves, including identity theft monitoring. In addition, the UDOH will offer one year of free monitoring to the potential victims.

Despite the layered security controls in place within the UDOH network, it is believed that attackers from Eastern Europe were able to exploit weaknesses in authentication and configuration controls to carry out the attack.


“In this particular incident, a configuration error occurred at the authentication level, allowing the hacker to circumvent the security system. DTS has processes in place to ensure the state’s data is secured, but this particular server was not configured according to normal procedure,” the UDOH statement explained, addressing questions posed after the initial notification concerning how the event occurred.

DTS has identified where the breakdown occurred and has implemented new processes to ensure this type of breach will not happen again, the statement added. Additional steps are being implemented to improve security controls related to the implementation of computer hardware and software, as well as increased network monitoring and intrusion detection capabilities.

“We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised. But we also hope they understand we are doing everything we can to protect them from further harm,” commented UDOH Deputy Director Michael Hales.

The investigation into the breach is ongoing, the agency said, and more information will be made public if it is relevant.
