A cyber attack on a Utah Department of Technology Services computer server that stores Medicaid claims data likely compromised the personal information of close to 200,000 Utahns, including more than 25,000 individuals' Social Security numbers.
The server also held information of Children's Health Insurance Plan recipients, and DTS reported Friday that approximately 181,604 Medicaid and CHIP recipients had their personal information removed from the server. Of those individuals, 25,096 appear to have had their Social Security numbers compromised.
The UDOH will immediately begin reaching out to clients whose personal information was stolen during the attack, with priority being placed on those clients whose Social Security numbers were jeopardized, according to a news release from the department. Those clients will receive a letter instructing them on how to take advantage of free credit monitoring services for one year.
"We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised," UDOH Deputy Director Michael Hales said in the release. "But we also hope they understand we are doing everything we can to protect them from further harm."
Initially, it appeared as though the hackers who broke into the server removed 24,000 claims. However, as the investigation progressed, DTS determined the thieves actually removed 24,000 files. One file can potentially contain claims information on hundreds of individuals.
DTS servers have multi-layered security systems that include many controls, including: perimeter security, network security, identity management, application security and data security. In this particular incident, a configuration error occurred at the authentication level, allowing the hacker to circumvent the security system. DTS has processes in place to ensure the state's data is secured, but this particular server was not configured according to normal procedure.
"The investigation into the breach of the server is ongoing, and the two agencies will continue to update the public with any further developments. Officials said earlier this week that the hackers likely were based in eastern Europe; however, because the breach occurred in the United States, the FBI may be involved in the investigation"
Concerned Medicaid clients are still encouraged to call 1-800-662-9651to get more information on how to protect themselves and their identities. This same information can also be found at www.health.utah.gov/data breach.
No comments:
Post a Comment