Hackers target Medicaid claim forms in Utah

Share this article:

Hackers, believed to be operating out of Eastern Europe, breached a server at the Utah Department of Health (UDOH) to access thousands of Medicaid records.

How many victims? 24,000 claims were compromised. The state has 260,000 Medicaid patients.

What type of personal information? That remains under investigation. But typically claims include names, Social Security numbers, addresses, birth dates, doctor names and tax ID numbers.

What happened? The Utah Department of Technology Services (DTS) recently migrated the claims to a new server, which was supposed to be protected with multiple layers of security. Either the server was not properly secured, or the hackers were able to evade the defenses that were in place.

The attackers compromised the server on Friday and began downloading information Sunday night. The breach was discovered the following day, and the server has since been taken offline.

Details: The intruders, whose activity was traced back to Eastern Europe (though investigators are unsure if that's exactly where they were located), apparently used passwords to gain access to the server.

What was the response? UDOH is still investigating exactly how many people were affected, and it will notify them via mail. Individuals whose claims included Social Security numbers will receive one year of free credit monitoring.

As it performs this work, the agency is advising all Medicaid recipients in the state to check their credit and bank statements for possible indicators of fraud.

Meanwhile, DTS is analyzing all state servers to ensure they are protected, as well as reviewing statewide IT policies and procedures.

Source: Utah Department of Health, news release, "State Agencies Investigating Data Breach," April 4, 2012. The Salt Lake Tribune, sltrib.com, "Worker error exposes Utah Medicaid patients to hackers," April 4, 2102.

UPDATED: State officials said the number of victims was actually much higher than initially believed because the stolen records were actually files, not individual claim forms.

Share this article:

Next Article in The Data Breach Blog

Sign up to our newsletters


More in The Data Breach Blog

Laptop stolen from Self Regional Healthcare contained patient data

As least 500 patients of Self Regional Healthcare have been notified that their personal information was on a laptop stolen from a Self Regional facility.

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.