Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Utah Governor Calls For Audit of Security and Data Storage Procedures

Utah Governor Calls For Audit of All State Technology Security and Data Storage Procedures Following Medicaid Data Breach

Utah Governor Calls For Audit of All State Technology Security and Data Storage Procedures Following Medicaid Data Breach

Following a recent data breach of a Utah Department of Technology Services (DTS) server that contained Medicaid patient information and exposed almost 800,000 individuals, Utah Governor Gary R. Herbert called for a comprehensive audit of all state technology security and data storage procedures.

When first announced early this month, Utah’s Department of Health initially reported that about 24,000 individuals were affected, but subsequent updates from the Department showed that the number was significantly higher and is now estimated to affect total of approximately 280,000 victims who had their Social Security numbers stolen and approximately 500,000 other victims who had less-sensitive personal information stolen.

Utah Medicaid Breach AuditAlso in response to the incident, Governor Herbert called a specific audit of the handling of personal information in the recent data breach.

“Individuals provide sensitive personal information to the government in a relationship of trust. It is tragic that not only data was breached, but now individual trust is also compromised,” Governor said. “DTS is doing everything they can to restore security. Now we must do everything we can to restore trust. Toward that aim, I am calling for an independent audit of all DTS security and data storage procedures and protocols.”

“Our immediate priority is to protect those whose personal information has been exposed. Therefore, we will continue to work with law enforcement, including the FBI, to find the criminals responsible.” he continued. “We have mobilized all available resources and personnel in an ‘all hands on deck, around the clock’ response until every victim is identified and notified. Rest assured, we are working to ensure it never happens again.”

“You can put all the locks on a house that you need, but if a thief chooses to look under your doormat for a front door key, he can easily enter and rob you blind,” said Robert Siciliano, an online security evangelist for McAfee. “While we do not have all of the specific details of the incident in Salt Lake City, it appears that the systems in question had the encryption measures required, but that a single user’s weak password could have provided access to these sensitive records. This is another reminder that the failure to implement organizational security policies is, in itself, a weak link in IT security.”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

Kelly Shortridge has been promoted to VP of Security Products at Fastly.

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.