This is an archived article that was published on sltrib.com in 2016, and information in the article may be outdated. It is provided only for personal research purposes and may not be reprinted.

The line between frugal and foolish can be a thin one. And a series of federal audits shows how that line was crossed, with disastrous results, due to the way Utah's Department of Health and Department of Technology Services ran things before being embarrassed by a handful of security breaches in 2012 and 2013.

There is reason to believe that, with new leadership and new levels of attention from the governor's office and the federal government, the flaws in the state's data security systems have been patched and security significantly improved.

At least, the flaws that were exploited in those cases have been addressed. But, just as the general public is incessantly faced with choices of when and whether to upgrade to the newest cellphone or latest computer operating system, someone out there is always coming up with new ways to hack into other people's personal information.

And, just as the state has geared up with a 24/7 system of cybersecurity monitoring, Utah's top elected leaders must never get complacent about the risks posed by the modern habit of storing all manner of sensitive personal information within reach of online pirates.

The state spent at least $9 million to upgrade security and provide credit monitoring for thousands of the people whose personal information — including Social Security numbers — was hacked by a still unidentified cyber thief, apparently from somewhere in Eastern Europe. The cost to the private sector and individuals is thought to run millions more.

The audits, run by the Office of the Inspector General of the U.S. Department of Health and Human Services, concluded that pre-breach protocols were not only woefully inadequate, but different departments sometimes were working at cross-purposes. Security was weak in one area, tight enough to lock out people who shouldn't have been locked out in others.

The state has a new technology services boss. Utah officials have gladly accepted the results and recommendations of the federal audit and have agreed to, if not already implemented, recommended reforms.

This is one area where Utah's tendency to resist federal meddling, and its affinity for spending as little money as possible, will have to take a back seat to the need to do everything possible to guard personal information. And to heed the expertise and advice of HHS officials who, under federal law, have the responsibility of monitoring all things Medicaid.

Any excuse that Medicaid records are not worth protecting because they only concern poor people is not only ethically bankrupt but incorrect. Those records intersect with many other databases within the health care realm, and doctor's offices often check to see if patient costs might qualify for state subsidies.

When Utah politicians promise to run government with as little expense and bother as possible, they should not be allowed to keep the state's electronic records in a vulnerable place.