Utah insurance exchange hacked
The Salt Lake Tribune reported on the hacking and said the site was down for about 10 days. Protected health information is on a separate secure site and was not affected.
The state's Department of Technology services maintains the breached site and also was responsible for the comprehensive hacking of Medicaid data in March. Protected health information was compromised for 780,000 individuals, including up to 280,000 Social Security numbers.
All state exchanges will hold a wealth of personal information but in order for the U.S. Department of Health and Human Services to issue its approval, states must prove they meet five provisions related to privacy and security.
Federal guidance for applications—due Nov. 16—requires that states provide “adequate safeguards” to protect personal information on the exchange. States also must secure a letter of acceptance from the IRS, affirming that they're capable of protecting federal tax information, which will be used to determine eligibility for Medicaid and tax subsidies on the exchanges.
According to the exchange rules, “Personally identifiable information should be protected with reasonable operational, administrative, technical, and physical safeguards to ensure its confidentiality, integrity and availability and to prevent unauthorized or inappropriate access, use or disclosure.”