Closing the breach
"Who steals my purse steals trash...;
But he that filches from me my good name
Robs me of that which not enriches him,
And makes me poor indeed."
Othello Act 3, scene 3, 155â161
Iago was talking about a person's reputation when he decried "he that filches from me my good name." But when computer hackers took the personal information names, Social Security numbers, birthdates, addresses of nearly 800,000 Utahns on April 1, they did it to enrich themselves and could leave their victims poor indeed.
The data was stolen in a breach of a poorly protected Utah Department of Technology Services computer server. The personal data was stolen from Medicaid beneficiaries, many of them children, and those enrolled in the Children's Health Insurance Program. It is now in the hands of people who could use the information to fraudulently obtain loans or employment and ruin the credit of the victims.
Along with Utahns on Medicaid and CHIP, tens of thousands of people who have never been beneficiaries or even applied for those programs but had their data sent to the state by mistake or for eligibility inquiries are also exposed to identity theft.
The state has sent letters to about 275,000 people whose data has been compromised, offering a year of credit monitoring through the credit-reporting company Experian. The rest will receive the same notifications. After a year, all those people are on their own to pay for continued protection.
But, since Medicaid is a government program for low-income and disabled Utahns, many of those who are at risk will not be able to continue credit monitoring after the state-funded year of protection runs out.
And if parents discover years from now that a child on Medicaid no longer qualifies for benefits because her Social Security number has been used by someone to obtain a job and his earnings have been credited to her, they would have few resources to get the fraud resolved.
Because a state agency is at fault here and the impact of this breach will be on-going, the state should do more than offer credit monitoring for one year and staff a telephone hot-line. It should help resolve financial losses for all Utahns exposed in the breach who are victims of identity theft in the future.
And it should strengthen precautions to make the system safe so all those who qualify for Medicaid or CHIP will feel comfortable revealing their personal data to the state.