Health IT Pulse

Apr 10 2012   1:36PM GMT

Server hacked — Medicaid data breach affects 780,000 individuals

AnneSteciw

Tags: Data breach, health care data breach, health data security, medicaid, PHI

An estimated 780,000 people in the state of Utah have been affected by a recent Medicaid data breach, according to the FAQ document published by the Utah Department of Technology Services (DTS) and the Utah Department of Health (UDOH).

The data breach occurred on March 30, 2012, when computer hackers gained access to a Utah Department of Technology Services (DTS) computer server that stores Medicaid and CHIP claims data. Not all victims were Medicaid recipients — some could be patients whose information was sent to the state as part of a “Medicaid Eligibility Inquiry” to determine their Medicaid status.

The initial announcement on April 4 stated that approximately 24,000 claims were accessed during the breach, but as the investigation began, the number of individuals affected grew immensely. As of April 9, Utah DTS and UDOH officials believe that approximately 280,000 victims had their Social Security numbers stolen and approximately 500,000 other victims had less-sensitive personal information stolen. Utah DTS is giving one year of free credit monitoring services to victims who had their SSNs stolen.

Hackers were able to access the data “due to an error on the server at the password authentication level,” according to the FAQ. The FAQ also states that Utah DTS has security processes in place to prevent illegal server access, but the hacked server “was not configured according to normal procedure.”

This raises the question: What good are health care data security procedures if they are not being followed? Perhaps it was simply human error — maybe someone forgot to reset the default password, or checked off an incorrect box when configuring the settings — that left the server vulnerable to being hacked. Can data security procedures be tightened to account for the possibility of human error?

Utah’s DTS says it has “implemented new processes to ensure this type of breach will not happen again” and is taking additional steps “to improve security controls related to the implementation of computer hardware and software, as well as increased network monitoring and intrusion detection capabilities.”

Experts have predicted that health care data breaches will get worse before they get better, due to lax PHI security procedures. Utah’s Medicaid data breach reveals that even with security procedures in place, health care data remains vulnerable.

11  Comments on this Post

 
  • SearchHealthIT
    #Medicaid #databreach leaves 280K in Utah vulnerable to #identifytheft http://t.co/EaQQl8al 500K more had info stolen. Affects >1/4 of Utah.
  • Anne Steciw
    Hacked! The latest #healthcare #databreach affects 780,000 people http://t.co/H3yioMcJ Server not configured properly #healthIT
  • Craig Byer
    RT @Steciw: Hacked! The latest #healthcare #databreach affects 780,000 people http://t.co/eZoRaenW Server not configured properly. #HITsm
  • Pivasys
    RT: SearchHealthIT: #Medicaid #databreach leaves 280K in Utah vulnerable to #identifytheft http://t.co/yrurc5iR 500K more had info stolen...
  • Craig Byer
    #Medicaid #databreach affects 780,000 individuals: http://t.co/cyAtRSOm #HITsm
  • Don Fluckinger
    Sorry, 780K Utah Medicaid recipients. You've been hacked #HIPAA http://t.co/OwBaDJ9w
  • CleverConsulting
    RT @craigbyer: #Medicaid #databreach affects 780,000 individuals: http://t.co/MutGcGtU #HITsm
  • Jenny Laurello
    Server hack attack — #Medicaid #databreach affects 780,000 individuals http://t.co/NJOaBTq7 #HealthIT #HITsm #hcsm #HIPAA
  • BeyondTrust
    RT @hitexchange: Server hack attack — #Medicaid #databreach affects 780,000 individuals http://t.co/qeBNAMRJ #HealthIT #HITsm #hcsm #HIPAA
  • BIDMC official shares lessons learned following data breach | RobertJGraham.com
    [...] On May 22, 2012, a Beth El Deaconess Medical Center (BIDMC) physician’s personal laptop containing patient information was stolen from his office, according to a BIDMC release. As data breaches go, the event’s impact was relatively low. The number of patients affected was smaller than in some recent breaches, including one in April at the Utah Department of Health, in which hackers made off with the personal data of about 800,000 Utah Medicaid patients. [...]
  • theare
    Medicare must see that it doesn't have any frauds as it is one of the sensible issues!
    http://www.medicarevirginia.com/
