Connect with us

Hi, what are you looking for?


Data Protection

Utah Governor Calls For Audit of Security and Data Storage Procedures

Utah Governor Calls For Audit of All State Technology Security and Data Storage Procedures Following Medicaid Data Breach

Utah Governor Calls For Audit of All State Technology Security and Data Storage Procedures Following Medicaid Data Breach

Following a recent data breach of a Utah Department of Technology Services (DTS) server that contained Medicaid patient information and exposed almost 800,000 individuals, Utah Governor Gary R. Herbert called for a comprehensive audit of all state technology security and data storage procedures.

When first announced early this month, Utah’s Department of Health initially reported that about 24,000 individuals were affected, but subsequent updates from the Department showed that the number was significantly higher and is now estimated to affect total of approximately 280,000 victims who had their Social Security numbers stolen and approximately 500,000 other victims who had less-sensitive personal information stolen.

Utah Medicaid Breach AuditAlso in response to the incident, Governor Herbert called a specific audit of the handling of personal information in the recent data breach.

“Individuals provide sensitive personal information to the government in a relationship of trust. It is tragic that not only data was breached, but now individual trust is also compromised,” Governor said. “DTS is doing everything they can to restore security. Now we must do everything we can to restore trust. Toward that aim, I am calling for an independent audit of all DTS security and data storage procedures and protocols.”

“Our immediate priority is to protect those whose personal information has been exposed. Therefore, we will continue to work with law enforcement, including the FBI, to find the criminals responsible.” he continued. “We have mobilized all available resources and personnel in an ‘all hands on deck, around the clock’ response until every victim is identified and notified. Rest assured, we are working to ensure it never happens again.”

“You can put all the locks on a house that you need, but if a thief chooses to look under your doormat for a front door key, he can easily enter and rob you blind,” said Robert Siciliano, an online security evangelist for McAfee. “While we do not have all of the specific details of the incident in Salt Lake City, it appears that the systems in question had the encryption measures required, but that a single user’s weak password could have provided access to these sensitive records. This is another reminder that the failure to implement organizational security policies is, in itself, a weak link in IT security.”

Advertisement. Scroll to continue reading.
Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.