Wednesday, April 4, 2012

State Agencies Investigating Data Breach

(Salt Lake City, UT) – The Utah Department of Technology Services (DTS) notified the Utah Department of Health (UDOH) Monday evening of an information breach on a DTS server that houses Medicaid claims.  The initial breach appears to have taken place on Friday, March 30.  During the breach, information was accessed from approximately 24,000 claims. 

DTS is investigating to determine how many individual Medicaid clients may have been affected, and what personal information may have been compromised.  Typically, claims stored on servers like the one that experienced the breach could include client names, addresses, birth dates, Social Security numbers, physician’s names, national provider identifiers, addresses, tax identification numbers, and procedure codes designed for billing purposes.     

DTS had recently moved the claims records to a new server, and hackers believed to be operating out of Eastern Europe were able to circumvent the server’s multi-layered security system.  The affected server has been shut down, and new security measures have since been implemented.  The agency takes such attacks by thieves seriously and is cooperating with law enforcement in a criminal investigation. 

DTS is reviewing every server in the state to ensure proper security measures are in place.  DTS has a layered security defense with multiple stages of security to defend against attacks and the agency is reviewing all policies and procedures to ensure effective security. 

DTS is conducting an investigation to identify individual Medicaid clients and providers whose protected information may have been accessed.  It is UDOH’s priority at this time to notify and assist those individuals.  In the meantime, the UDOH is advising all Medicaid clients to monitor their credit and to keep a close eye on their bank accounts. 

The UDOH will send letters by mail to individual clients who had their personal information accessed with information to assist in protecting them from potential harm.  Additionally, those clients whose Social Security numbers were compromised will receive free credit monitoring services. 

Concerned Medicaid clients can also visit www.health.utah.gov or call 1-855-238-3339 to get more information on additional free resources individuals can take advantage of to protect their credit and their personal information. 

# # #

Media Contacts:
Tom Hudachko, UDOH Public Information Officer
801-538-6232 or 801-560-4649
Stephanie Weiss, DTS Public Information Officer
801-538-3284