Breach at Utah Department of Health Worse Than Originally Thought

Utah Department of Health Suffers Data Breach Aimed at Medicaid

Update 04/09/12 – On Monday the Utah Department of Health made an additional update following publication of this story, saying that up to 255,000 additional people had their Social Security numbers listed in data stolen from a computer server last week and as many as 350,000 additional people may have had other, less-sensitive information, such as their names, birth dates, and addresses, accessed through eligibility inquiries. It is now believed that a total of approximately 280,000 victims had their Social Security numbers stolen and approximately 500,000 other victims had less-sensitive personal information stolen.

Officials in Utah’s Department of Health (UDOH) alerted parents and patients on Friday to the fact that the data breach disclosed previously was much larger than initially reported. In all, some 181,604 people are affected by the security incident.

The attackers hit a server that stores Medicaid claims and Children’s Health Insurance Plan (CHIP) data. Typically, the UDOH notice explains, claims stored on servers like the one breached could include client names, addresses, birth dates, Social Security numbers, physicians’ names, national provider identifiers, addresses, tax identification numbers, and procedure codes designed for billing purposes.

Initially, the Utah Department of Technology Services reported to the UDOH that the breach impacted 24,000 records. “However, as the investigation progressed, DTS determined the thieves actually removed 24,000 files. One single file can potentially contain claims information on hundreds of individuals,” the UDOH said in a statement.

Approximately 181,604 Medicaid and CHIP recipients had their personal information removed from the server, the UDOH clarified. Of those individuals, 25,096 appear to have had their Social Security numbers compromised.

Those impacted by the breach will receive letters explaining what they should do to protect themselves, including identity theft monitoring. In addition, the UDOH will offer one year of free monitoring to the potential victims.

Despite the layered security controls in place within the UDOH network, it is believed that attackers from Eastern Europe were able to exploit weaknesses in authentication and configuration controls in order to pull off the attack.

“In this particular incident, a configuration error occurred at the authentication level, allowing the hacker to circumvent the security system. DTS has processes in place to ensure the state’s data is secured, but this particular server was not configured according to normal procedure,” the UDOH statement explained, addressing questions posed after the initial notification concerning how the event occurred.

DTS has identified where the breakdown occurred and has implemented new processes to ensure this type of breach will not happen again, the statement added. Additional steps are being implemented to improve security controls related to the implementation of computer hardware and software, as well as increased network monitoring and intrusion detection capabilities.

“We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised. But we also hope they understand we are doing everything we can to protect them from further harm,” commented UDOH Deputy Director Michael Hales.

The investigation into the breach is ongoing, the agency said, and more information will be made public if it is relevant.
