Multiple 'mistakes' led to massive health data breach, director says

"My initial focus will be working with the victims impacted in the breach, but in the long term, we know it is about rebuilding that public trust," said ombudsman Sheila Walsh-McDonald. "We have so many programs that are so dependent on sensitive health data and we need to gather and secure that data in order for those programs to be successful."

So far, there have been no reports of misuse of the ill-gotten information.

Officials are also working with the state's federal delegation to make replacement of a person's Social Security number less complicated than it is now, Patton said.

Moving forward, VanOrden, a veteran IT director who formerly worked with the Department of Workforce Services, said he will tighten security among personnel, including a possible checklist for any time a change is made to information stored on any one of the state's 2,000 servers and immediate termination for anyone who accesses information not pertinent to their jobs.

Such protocols were put into place while he was at DWS.

Fletcher, who was given an "appropriate" severance package after seven years with the agency, said the department should not be judged by this one "very significant" error that has had widespread impact, although he "takes that very seriously."

"There are a lot of bad guys out there trying to get access to these systems, so you have to be very, very vigilant," he said. "In the past seven years, the department has provided significant cost savings of over $75 million in the reduction of operating costs, increased online services over 30 percent, added new services, aligned very well with agencies, provided great accountability and service levels, and increased customer service satisfaction in all our services."

Patton said the incident has been educational, that much of what is being learned from the experience can be used to enhance the security of the state's other agencies as well as the health department.

"We have a lot of data … and that data has some very sensitive information and it does need to be protected," he said, adding that state leaders need to continue its monitoring and oversight of the technology department "to make sure we don't slip back into complacency and that we're diligent and vigilant in how we handle our security in the future."

E-mail: wleonard@desnews.com Twitter: wendyleonards

Read more: Security breach of state health data expands, affecting more than 700,000 people

Read more: Medicaid breach draws anger and more words of warning

Read more: State technology chief ousted over health data breach