Breach, Data Security, Network Security, Vulnerability Management

Hackers target Medicaid claim forms in Utah

Hackers, believed to be operating out of Eastern Europe, breached a server at the Utah Department of Health (UDOH) to access thousands of Medicaid records.

How many victims? 24,000 claims were compromised. The state has 260,000 Medicaid patients.

What type of personal information? That remains under investigation. But typically claims include names, Social Security numbers, addresses, birth dates, doctor names and tax ID numbers.

What happened? The Utah Department of Technology Services (DTS) recently migrated the claims to a new server, which was supposed to be protected with multiple layers of security. Either the server was not properly secured, or the hackers were able to evade the defenses that were in place.

The attackers compromised the server on Friday and began downloading information Sunday night. The breach was discovered the following day, and the server has since been taken offline.

Details: The intruders, whose activity was traced back to Eastern Europe (though investigators are unsure if that's exactly where they were located), apparently used passwords to gain access to the server.

What was the response? UDOH is still investigating exactly how many people were affected, and it will notify them via mail. Individuals whose claims included Social Security numbers will receive one year of free credit monitoring.

As it performs this work, the agency is advising all Medicaid recipients in the state to check their credit and bank statements for possible indicators of fraud.

Meanwhile, DTS is analyzing all state servers to ensure they are protected, as well as reviewing statewide IT policies and procedures.

Source: Utah Department of Health, news release, "State Agencies Investigating Data Breach," April 4, 2012. The Salt Lake Tribune,, "Worker error exposes Utah Medicaid patients to hackers," April 4, 2102.

UPDATED: State officials said the number of victims was actually much higher than initially believed because the stolen records were actually files, not individual claim forms.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.