State News
| More

Hacking of Utah's Data Blamed on Configuration Error

Eastern European hackers stole personal information for as many as one in four Utah residents from a server at the Utah Department of Health.

Source: Government Technology | Utah | April 11, 2012



By Noelle Knell, Government Technology Staff Writer

A large-scale theft of Social Security numbers, and other personally identifiable information from a server at the Utah Department of Health is being traced to a configuration error at the password authentication level.

The breach, discovered April 2, compromised 280,000 Social Security numbers and 500,000 records that included other personal data, a significantly higher number of records than officials first believed. Personal information that was stolen includes names, addresses, birth dates and some details contained in patient health records.

The likely victims of the breach are Utah residents covered by the children’s health insurance program or Medicaid, who received health-care services in the past four months. Other records were jeopardized when health-care providers checked patient Medicaid status.

According to USA Today, the attack originated from Eastern Europe.

Utah officials explained in a news release that normal security procedures ensure the security of the state’s data, but this particular server was configured incorrectly. “DTS has identified where the breakdown occurred and has implemented new processes to ensure this type of breach will not happen again.”

The state is in the process of notifying potential victims, with priority given to those whose Social Security numbers were compromised. Those whose Social Security numbers were stolen will receive free credit record monitoring for one year.

Utah’s Department of Technology Services reports that it is cooperating with law enforcement on a criminal investigation of the data breach. Officials caution potential victims to be aware of scammers who may claim to represent the state regarding this incident and attempt to gather personal information via phone calls or emails.

View Full Story From Government Technology

If you enjoyed this post, subscribe for updates.

Comments



Add Your Comment

You are solely responsible for the content of your comments. GOVERNING reserves the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

Comments must be fewer than 2000 characters.
Most Viewed
This Section    |    Whole Site
Comments


Training Opportunities

Featured on Governing.com





GOVERNING Data

Events & Webinars

  • It’s A Paperless, Paperless World..... Thinking Outside the Box to Gain Efficiencies through Prepaid Cards
  • April 23, 2013
  • Public sector organizations are under intense scrutiny to operate as efficiently and effectively as possible and with maximum transparency. An important consideration is the way in which payments are made and managed. Prepaid cards can offer flexibility, security and accountability to governments as a method of dispersing benefits, healthcare and social care payments, child benefits and housing benefits to their constituents.


More Events & Webinars


© 2011 e.Republic, Inc. All Rights reserved.    |   Privacy Policy   |   Site Map