Fallout grows from hacking of Utah health database

SALT LAKE CITY Mon Apr 9, 2012 11:55pm EDT

Related Topics


Under the Iron Dome

Sirens sound as rockets land deep inside Israel.  Slideshow 

SALT LAKE CITY (Reuters) - A data security breach of Utah's state health records was far larger than first reported, with hackers from Eastern Europe now believed to have gained access to private information of some 780,000 patients, state officials said on Monday.

The intrusion exposed the Social Security numbers of about 280,000 individuals to potential theft and compromised less sensitive personal information such as names, addresses and birth dates of an estimated 500,000 others, Utah Department of Health spokesman Tom Hudachko said.

"It's certainly worrisome," Hudachko said. "We've got a large amount of people out there whose information potentially is now in the hands of people who shouldn't have it." The bulk of the victims were recipients or potential recipients of Medicaid, a federal-state program that subsidizes healthcare for the needy, the aged and the disabled. But some records were from the state-administered Children's Health Insurance Program, or CHIP, for children of low-income families. About 260,000 Utah residents are Medicaid clients, including some children, state Health Department spokeswoman Charla Haley said. The number of children enrolled in CHIP is 40,000, though some of them could be covered under Medicaid as well, she said.

It remained unclear whether the full extent of the data breach has been pinpointed or whether the scope of the damage could grow as investigators from Utah's Department of Technology Services continue to examine the intrusion.

Further investigation may find instances in which a single patient accounted for multiple records that were hacked, so "there's the potential that the numbers would shift down," Hudachko said. The cyber raid was believed to have originated from hackers in Eastern Europe who circumvented security safeguards on March 30 in a breach that state officials initially thought had exposed 24,000 patient records.

The damage toll climbed to 780,000 after investigators found that the exposed data included an additional 605,000 records sent in recent months by healthcare providers to the state seeking to determine patients' Medicaid eligibility, Haley said. Health officials have urged all Medicaid patients and providers to keep an eye on bank accounts and other personal records. Customers whose Social Security numbers are found to have been compromised will receive free credit-monitoring services, officials said.

(Editing by Steve Gorman, Cynthia Johnston and Lisa Shumaker)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (1)
JamVee wrote:
With the number of data breaches increasing exponentially, we can no longer wait. We must make some changes, and make them now. We must convince our government to change the way our social security number’s are used to identify our entire lives and we must change the way we collect and store personal data. Everyone has been talking about this for years, now it is time for some action.

Apr 10, 2012 11:06am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.