SALT LAKE CITY — The Utah Department of Health said Thursday it was trying to determine how many Medicaid records were compromised by a hacker a week ago in an investigation that is pointed both internally and overseas.

More than 24,000 participants in Utah's Medicaid may have had their information taken in a security breach traced to Eastern Europe. But it remained unknown what impact the breach would have.

Utah's Department of Technology Services, which runs the state's 525 information servers, was combing through files Thursday to confirm specifically what information was accessed.

DTS spokeswoman Stephanie Weiss said the protocol address points to Eastern Europe and the agency was working with the FBI to identify an exact location.

Hackers, Weiss said, gained access to a server containing Medicaid client information, on Friday afternoon. They began downloading information Sunday night. By Monday morning, DTS had stopped the breach.

"We know certain employees were around during that time," Weiss said, adding that as soon as the agency is able to identify what information is at stake, it will begin an internal investigation on what policies, if any, were not followed.

It was determined that at least 24,000 files had been compromised, but Hudachko said it was likely more. Each file could contain information for multiple Medicaid participants, up to hundreds, as some hospitals submit claims for dozens at a time.

Utah Health Policy Project Director Judi Hilman said the security breach reminded her of an incident in July 2010, when thousands of individuals' personal information was compromised after two employees illicitly accessed confidential information and distributed it to local media outlets.

"If you have a well-built system with good security across departments and across servers, you would have a way of weeding out the potential for a rogue employee and a way of monitoring an employee's day-to-day activity, so you could see who was going in this direction," Hilman said.

An internal investigation into "the list," which made the statuses of 15,000 illegal immigrants public, resulted in the firing of two Department of Workforce Services employees in 2010.

DTS is conducting its own internal investigation, after it was learned that typical protocols weren't followed, leading to the server breach. Details of the investigation were not released Thursday.

Hilman questions whether the system in place can handle the expected influx of Medicaid enrollees in 2014, when health care reform mandates will require eligibility standards to open wide enough to accept all of Utah's uninsured population.

"I don't want this to interfere with folks' ability to feel comfortable getting into Medicaid and staying in Medicaid and having it be their insurance plan," Hilman said. "The last thing in the world that we need is to have people worried about the security of their personal information if they enroll in these programs."

Until more answers are available, Utahns on Medicaid are cautioned to keep an eye on anything tied to their Social Security numbers, specifically unauthorized activity reported to any one of three credit reporting agencies in the country.

For more information, visit of call 1-800-662-9651.

Twitter: wendyleonards