Computer data theft is a scourge of the modern world. When it involves government, however, and especially the health care system, it is particularly egregious and harmful.
We're not surprised that Democratic Party leaders have been quick to blame Gov. Gary Herbert for the breach that allowed hackers access to a server containing a database of information about Medicaid patients. The access occurred March 30 and officials say whoever broke in began downloading information, including Social Security numbers, on April 1. The state discovered the theft on April 2.
Politicians can't escape the consequences for things that happen in a government's vast bureaucracy under their watch. Voters ultimately will decide how much Herbert had to do with this incident. The problem, however, has been pinned on an employee who didn't follow proper procedures, allowing a server to go online without putting the right security in place. That seems a bit out of the political realm, but that doesn't mean politicians can't do things to restore trust.
There is no way to minimize the seriousness of this mistake. Nearly 800,000 Utahns may have lost private information, including many whose Social Security numbers were taken. A thief who obtains a valid Social Security number has the ability to steal that person's identity, obtaining credit in that person's name and possibly accessing accounts and other information. The state has offered free credit monitoring for one year to those affected, but the damage could be far more difficult than that to repair.
Herbert was right this week to say his office must work hard to restore trust in state government. For those affected by this, that trust is understandably shattered. Restoring it ought to include a vigorous investigation, and the state should be clear as to what it will do to ensure such an error is not repeated.
For the public, there is little consolation other than to know that identities are vulnerable these days. The Utah breach came about the same time news broke that Atlanta-based Global Payments, which processes transactions on major credit cards, was hacked, putting possibly millions of cardholders' information at risk. Names, account numbers and expiration dates were stolen, according to reports, and the Secret Service is investigating.
Last year, hackers accessed about 200,000 Citigroup cardholders. Meanwhile, so-called "phishers" are hard at work daily, imitating legitimate businesses and trying to lure people into giving up personal information. Because of the nature of the Internet, thieves can be anywhere, and they can hide their identities.2 comments on this story
It's a dangerous world. But when a credit card is stolen, customers can often be reimbursed if they act quickly. The data stolen from the Utah database, however, came from people who are eligible for Medicaid, meaning they are among the most vulnerable and ill-equipped to handle such problems.
This is not a political problem so much as it is a public trust problem. The state should do all it can to alert potential victims, try to track down perpetrators and ensure the public such a thing won't happen again.