Lawmakers attempt to resolve statewide security breach with new regulations
SALT LAKE CITY — Lawmakers intend to further rectify a statewide data breach that left the personal information of up to 800,000 Utahns at risk earlier this year.
Names, birth dates and Social Security numbers of individuals that were inappropriately stored on a Utah Department of Technology Services server were exposed to hackers in early April, leading to an international criminal investigation and widespread local mitigation of potential damages, including for identity theft.
The majority of individuals impacted by the breach were recipients of state Medicaid programs, including the Children's Health Insurance Program, however, a portion of the names and individuals affected were not participants in state insurance programs.
"Most of the people who were breached had no idea that their private information had been accessed through the government databases, and I'd guess that most didn't know they'd given authorization for that to happen," Sen. Stuart Reid, R-Ogden, who is sponsoring the draft legislation, told the Health and Human Services interim committee Wednesday.
The bill would require providers to notify patients that patient information queries might be sent to and from government databases, including various private information. It also requires the state to properly protect any information, utilizing the best available practices within the security industry. It would convene a security council of sorts to review those practices on an annual basis, as well as employ an audit every two years to ensure such practices are adhered.
"More than anything, we need to let our citizens know that we're doing all that we can to protect their private information," Reid said. He was among those notified after the breach that his information might have been compromised and he believes at least some of the information that was hacked, never should have been on the state server in the first place.
Sen. Allen Christensen, R-Ogden, said patients are already bombarded with paperwork when visiting a doctor's office or hospital, but he was assured that the required notification would be added to existing Health Insurance Portability and Accountability Act requirements, in which a patient releases private information for insurance purposes.
David Gessel, with the Utah Hospital Association, said the notice "won't be much of an additional burden, but it is important to be clear" what patients will be signing.
The bill was passed out of the committee unanimously and will next be addressed in the upcoming open session of the Utah Legislature.
- Relatives of Springville family 'shocked and...
- Body cam video helps D.A. clear officer in...
- Mother and son charged in drive-by shooting...
- A parent's worst nightmare: When a fever...
- Body cameras have played roles in 2...
- Family of slain 18-year-old pleads for...
- Litter left by target shooters in Hobble...
- Salt Lake County lands on Top 10 list of...
- Students rally for beard 'revolution'... 89
- Utah gay marriage case first in line at... 57
- Body cam video helps D.A. clear officer... 51
- Utah in wait-and-see mode on same-sex... 44
- Romney, Huntsman may both be taking... 39
- Granite School District reaches... 22
- New poll shows more support for Sen.... 20
- Group wants all to pay 'true' price for... 16