Medicaid breach reminiscent of 'the list,' with personal info leaked
SALT LAKE CITY — The Utah Department of Health said Thursday it was trying to determine how many Medicaid records were compromised by a hacker a week ago in an investigation that is pointed both internally and overseas.
More than 24,000 participants in Utah's Medicaid may have had their information taken in a security breach traced to Eastern Europe. But it remained unknown what impact the breach would have.
Utah's Department of Technology Services, which runs the state's 525 information servers, was combing through files Thursday to confirm specifically what information was accessed.
DTS spokeswoman Stephanie Weiss said the protocol address points to Eastern Europe and the agency was working with the FBI to identify an exact location.
Hackers, Weiss said, gained access to a server containing Medicaid client information, on Friday afternoon. They began downloading information Sunday night. By Monday morning, DTS had stopped the breach.
"We know certain employees were around during that time," Weiss said, adding that as soon as the agency is able to identify what information is at stake, it will begin an internal investigation on what policies, if any, were not followed.
It was determined that at least 24,000 files had been compromised, but Hudachko said it was likely more. Each file could contain information for multiple Medicaid participants, up to hundreds, as some hospitals submit claims for dozens at a time.
Utah Health Policy Project Director Judi Hilman said the security breach reminded her of an incident in July 2010, when thousands of individuals' personal information was compromised after two employees illicitly accessed confidential information and distributed it to local media outlets.
"If you have a well-built system with good security across departments and across servers, you would have a way of weeding out the potential for a rogue employee and a way of monitoring an employee's day-to-day activity, so you could see who was going in this direction," Hilman said.
An internal investigation into "the list," which made the statuses of 15,000 illegal immigrants public, resulted in the firing of two Department of Workforce Services employees in 2010.
DTS is conducting its own internal investigation, after it was learned that typical protocols weren't followed, leading to the server breach. Details of the investigation were not released Thursday.
Hilman questions whether the system in place can handle the expected influx of Medicaid enrollees in 2014, when health care reform mandates will require eligibility standards to open wide enough to accept all of Utah's uninsured population.
"I don't want this to interfere with folks' ability to feel comfortable getting into Medicaid and staying in Medicaid and having it be their insurance plan," Hilman said. "The last thing in the world that we need is to have people worried about the security of their personal information if they enroll in these programs."
Until more answers are available, Utahns on Medicaid are cautioned to keep an eye on anything tied to their Social Security numbers, specifically unauthorized activity reported to any one of three credit reporting agencies in the country.
For more information, visit www.health.utah.gov of call 1-800-662-9651.
- Lehi toddler killed in accident remembered as...
- Preparing to split up, LDS General Primary...
- A river runs dry: Water and the future of...
- Cyclist killed on training run after...
- Photo gallery: Holi festival immerses Utahns...
- Utah taxpayers will pay millions more in wake...
- American Fork cyclist killed during training...
- Boy, 3, killed in Lehi scooter accident
- President Obama to make first trip to... 113
- BYU student claims he was evicted after... 57
- Utah taxpayers will pay millions more... 41
- Sen. Harry Reid's retirement recalls... 40
- Cyclist killed on training run after... 23
- School leaders look for solutions to... 22
- A river runs dry: Water and the future... 15
- Man who crashed truck into house... 12