Utah governor launches statewide data audit after Medicaid breach
Utah Gov. Gary Herbert is calling for a comprehensive security audit of the state's data systems following the pilfering of Medicaid data from a poorly protected server.
On March 30, hackers cracked the password on a server at the state Department of Technology Services, compromising the private information of up to 780,000 Utahns, including 255,000 Social Security numbers. The breach is being blamed on an employee who failed to follow protocol in configuring the test server before putting it online.
Initially the breach was thought to have affected only 25,000 Utahns on Medicaid, many of them children. But after further investigation, state officials discovered it was far larger in scope.
"Individuals provide sensitive personal information to the government in a relationship of trust. It is tragic that not only data was breached, but now individual trust is also compromised," said Herbert in a statement.
The governor has asked the Utah Departments of Health and Administrative Services to hire an independent firm to audit all computer systems that store personal data, said his spokeswoman, Ally Isom. How much that will cost, and whether the Legislature will have to approve the spending, she couldn't say.
A request for bids could go out as early as Thursday, Isom said.
Auditors also will help with the forensic analysis of stolen data and efforts to identify and notify residents at risk.
"The Medicaid program provides an invaluable safety net to some of our state's most vulnerable populations. People who need the program's help should feel confident that the personal information they provide us is safe and secure," said Dave Patton, executive director of the state health department.
The agency has activated a new hotline to offer people more information. The toll free number is available around the clock in English and Spanish at 1-855-238-3339.
Citizens whose Social Security numbers were jeopardized will receive free credit monitoring. People can also take other steps, such as freezing or placing fraud alerts on their credit.
Find out how at http://www.health.utah.gov/databreach.