Utah investigating info breach, could affect 24K

The Utah Department of Technology Services (DTS) notified the Utah Department of Health (UDOH) of an information breach on a DTS server that houses Medicaid claims this week. The initial breach appears to have taken place on Friday, March 30. During the breach, information was accessed from approximately 24,000 claims. 

DTS stated it is investigating to determine how many individual Medicaid clients may have been affected, and what personal information may have been compromised. “Typically, claims stored on servers like the one that experienced the breach could include client names, addresses, birth dates, Social Security numbers, physician’s names, national provider identifiers, addresses, tax identification numbers, and procedure codes designed for billing purposes,” a statement from UDOH read.

DTS had recently moved the claims records to a new server, and hackers believed to be operating out of Eastern Europe were able to circumvent the server’s multi-layered security system, according to the statement. The affected server has been shut down, and new security measures have since been implemented.  

The agency is reviewing every server in the state to ensure proper security measures are in place. The UDOH will send letters by mail to individual clients who had their personal information accessed with information to assist in protecting them from potential harm. Additionally, those clients whose Social Security numbers were compromised will receive free credit monitoring services.