Utah Medicaid Claims Data Hacked Affecting Over 24,000

Utah Medicaid Claims Data Hacked Affecting Over 24,000

The Utah Department of Health (UDOH) has experienced a data breach of its Medicaid claims data of over 24,000 individuals.  The breach was reported to UDOH by the Utah Technology Services Department on Monday, April 2nd, and while the initial hacking is suspected to have occurred on Friday, March 30th, UDOH stated that information began to be removed from the server on Sunday, April 1 (perhaps merely coinciding with April Fools’ Day…). 

Currently, UDOH suspects the hackers originated from Eastern Europe, and according to Reuters, has been able to pinpoint it to within certain countries.  The Department of Technology Services had recently moved the claims data to a new server, and, despite a multi-layered security system, the hackers were able to circumvent and access potentially client names, addresses, birth dates, Social Security numbers, physician’s names, national provider identifiers, addresses, tax identification numbers, and procedure codes for billing.

UDOH is currently advising all Medicaid clients to monitor their credit and bank accounts until those affected can be fully identified and notified.  According to KSL.com, Technology Services Executive Director Steve Fletcher said the server had “weaker controls” than the original server it was exchanged for.  However, Fletcher stated that the agency will investigate further to assess how the hackers were able to circumvent the security system and do whatever may be necessary to prevent future breaches.

“These hackers are very, very sophisticated and that’s one of the things that we want to document so that we can to put more controls in place to make sure that it will not happen again,” stated Fletcher.

For more information, check out the UDOH official statement and the Reuters and KSL.com articles.