Medicaid Records in Utah Stolen by Hackers
By Andrea Smardon
Salt Lake City, UT – Medicaid clients across the state are being advised to keep a close eye on their bank accounts. The Utah Department of Technology Services notified the Department of Health Monday evening of a data breach on a server that houses Medicaid claims. The personal information of up to 24,000 people may have been compromised.
The initial breach appears to have occurred late in the day on Friday, March 30th, but the Utah Department of Technology Services did not discover it until Monday. DTS Executive Director Stephen Fletcher says they do not yet have the names of those affected. The first priority was to shut out the hackers.
"We wanted to make sure that we shut down those servers, that we were protecting it, basically stop the bleeding so that we could identify all that would be affected," said Fletcher.
DTS had recently moved 24,000 Medicaid claims to a new server, and hackers - believed to be from Eastern Europe - were able to circumvent the server's security. Fletcher says the development server had weaker controls than the rest of the state's servers, but he said it still had a multilayered security system.
"They were very sophisticated, and we're not sure of the actual method of which they circumvented those controls. That's one of the things that we want to document so that we can put those controls in place so that this won't happen again," Fletcher said.
The Utah Department of Health expects to identify the clients and providers affected by the end of the week, and will be sending out letters with information on how to prevent fraud. In the meantime, the UDOH is advising all 260,000 Medicaid clients in the state to monitor their credit. More information is available at www.health.utah.gov or by calling 1-800-662-9651.