Thursday, April 5, 2012

Utah Medicaid Database Hacked

Story first appeared in the Chicago Tribune.

SALT LAKE CITY (Reuters) - A data security breach at the Utah Health Department, believed to be the work of Eastern European hackers, has exposed 24,000 U.S. Medicaid files bearing names, Social Security numbers and other private information, state officials said on Wednesday.

The intrusion initially appeared to have affected claims representing at least 9 percent of the 260,000 clients of Medicaid in Utah. But because each file often contains information on more than one individual, the full extent of the breach is probably wider, officials said.

Medicaid is a federal-state program that helps pay for healthcare for the needy, the aged and disabled. The state determines eligibility and which services are covered, and the federal government reimburses a percentage of the state's expenditures.

Hudachko said the Technology Services Department notified state health officials Monday evening about the cyber attack.

Technology Services had recently moved the claims in question to a new server, allowing the hackers "to circumvent the server's multi-layered security system," according to officials.

He said the cyber attack is believed to have originated in Eastern Europe, based on a suspicious Internet Protocol, or IP, address, but investigators are still trying to pinpoint the precise source.  It is possible that an outsourced IT Security Solution could have prevented this issue.

GRAVE CONCERNS

Utah state Senator Allen Christensen, who also is a practicing dentist, said each compromised claim is going to have two parties involved - both the recipient and the provider.

The chairman for the Utah State Health and Human Services Committee, expressed grave concerns over the impact on the Medicaid population in Utah and suggested the database was left vulnerable by human error.  An outsourced IT Security Solution would have been a good option to alleviate any possible human error.

State officials said they were examining all servers and reviewing policies and procedures to ensure effective security measures are in place.

The compromised files also contain individuals' names, addresses and other private information.

State Health officials are urging all their Medicaid clients and providers to keep a wary eye on their bank accounts and other personal records. Customers whose Social Security numbers are found to have been compromised will receive free credit monitoring services, officials said.

For more technology related news, visit the Electronics America blog.