News / Utah / 

Medicaid data breach is worse than thought



Estimated read time: 2-3 minutes

This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.

SALT LAKE CITY — The security breach of one of Utah's computer servers that houses Medicaid and Children's Health Insurance Program information affected more than 181,600 people, officials said Friday after having a week to assess the damages.

Of those individuals who had their personal information removed from the server late Sunday, 25,096 appear to have had their Social Security numbers compromised, according to Utah Department of Health spokesman Tom Hudachko.

UDOH officials announced the breach Wednesday, while an internal investigation was ongoing. At this point, letters will be mailed to individuals whose information was compromised, including instructions and access to resources on what to do next.

Hudachko said those affected will have an option to take advantage of free credit monitoring services for one year.

"We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised," said UDOH deputy director Michael Hales. "But we also hope they understand we are doing everything we can to protect them from further harm."


We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised. But we also hope they understand we are doing everything we can to protect them from further harm.

–Michael Hales


Initially, it appeared 24,000 claims had been accessed. As the investigation progressed, it was determined that hackers actually obtained 24,000 files, each of which can potentially contain claims information on hundreds of individuals.

The cyber attack was traced to a moment in time when the server did not have ample protection in place. An Internet protocol address led to hackers in Eastern Europe, according to Utah Department of Technology Services spokeswoman Stephanie Weiss. She said the agency was working with the FBI to uncover more answers.

DTS has also identified where the breakdown occurred, and has implemented new processes and taken additional steps, to ensure the same type of breach will not happen again. Those steps include increased network monitoring and the implementation of intrusion detection capabilities.

Concerned Medicaid clients are still encouraged to call 1-800-662-9651 for more information on how to protect themselves and their identities. Information is also available online, at www.health.utah.gov/databreach.

Related Links

Related Stories

Wendy Leonard

    SIGN UP FOR THE KSL.COM NEWSLETTER

    Catch up on the top news and features from KSL.com, sent weekly.
    By subscribing, you acknowledge and agree to KSL.com's Terms of Use and Privacy Policy.

    KSL Weather Forecast