Utah Medicaid Claims Data Hacked Affecting Over 24,000

by | Apr 5, 2012 | Data Breach Laws, HIPAA

Utah Medicaid Claims Data Hacked Affecting Over 24,000

The Utah Department of Health (UDOH) has experienced a data breach of its Medicaid claims data of over 24,000 individuals.  The breach was reported to UDOH by the Utah Technology Services Department on Monday, April 2nd, and while the initial hacking is suspected to have occurred on Friday, March 30th, UDOH stated that information began to be removed from the server on Sunday, April 1 (perhaps merely coinciding with April Fools’ Day…). 

Currently, UDOH suspects the hackers originated from Eastern Europe, and according to Reuters, has been able to pinpoint it to within certain countries.  The Department of Technology Services had recently moved the claims data to a new server, and, despite a multi-layered security system, the hackers were able to circumvent and access potentially client names, addresses, birth dates, Social Security numbers, physician’s names, national provider identifiers, addresses, tax identification numbers, and procedure codes for billing.

UDOH is still investigating the scope of the breach, and has yet to determine exactly what types of information were compromised as well as the identities of all of the affected Medicaid clients.  So far, UDOH believes only one server was hacked.  The affected server was shut down, and new security measures implemented, according to Reuters and UDOH. 

UDOH is currently advising all Medicaid clients to monitor their credit and bank accounts until those affected can be fully identified and notified.  According to KSL.com, Technology Services Executive Director Steve Fletcher said the server had “weaker controls” than the original server it was exchanged for.  However, Fletcher stated that the agency will investigate further to assess how the hackers were able to circumvent the security system and do whatever may be necessary to prevent future breaches.

“These hackers are very, very sophisticated and that’s one of the things that we want to document so that we can to put more controls in place to make sure that it will not happen again,” stated Fletcher.

For more information, check out the UDOH official statement and the Reuters and KSL.com articles.    

Share this:

If you are not a subscriber to our backend Legal HIE compliance library, download our Table of Contents here to check out all of the tools, checklists, whitepapers, sample policies we make available to our members to help their organizations comply with Information Blocking, HIPAA, 42 CFR Part 2, Data Breaches and more. Ready to subscribe now? Click here to review our subscription options.

Archives