A breach in the Utah Department of Technology Services (DTS) security system containing Medicaid file information for the Utah Department of Health (UDOH) opened up confidential files to computer hackers and exposed approximately 280,000 Social Security numbers, state officials said last week. UDOH officials said this week that specific information could not be released regarding whether any Grand County residents were affected by the March 30 incident, but letters have already been sent out to more than 217,000 people who may have been affected.
“Essentially, the information was housed on a computer server used in a test environment,” said Tom Hudachko, public information officer for the UDOH. “That server was brought into a production environment, but all the necessary security was not in place when that happened.”
Hudachko said that as many as 500,000 more people may have had less vital information, such as name, address, and date of birth, stolen from the server as well, making a total number of possible victims 780,000.
“This is, as far as the Department of Health’s perspective, the largest breech ever seen of this type of information in the state,” Hudachko said. “We have not heard of any cases of the numbers being used at this point, and there has been no movement on the perps at this point. However, the FBI is investigating the matter.”
In response to the theft, the UDOH and DTS have made mitigating the possible negative outcomes their main priority, said Hudachko. Both departments are working to identify and notify those with stolen social security numbers, he said. The final letters are expected to be mailed over the next few days as identities continue to be verified, he said.
“It’s not a complete clean set of data we are working with. For some, we just have a social security number but no name or address,” Hudachko said. “It’s taking time to identify everyone.”
According to a UDOH news release, all victims will be notified by letter, but those with stolen social security numbers will be given priority. A hotline has been set up where individuals concerned their information may have been compromised may call to check if their social security number was involved.
For those whose numbers were taken, the UDOH will be providing a year of free credit monitoring. Hudachko said people could safeguard their credit and identities before his department is able to get to that step in the process by either placing a freeze or fraud alert on their personal credit file with the nation’s three credit bureaus.
“There are certainly things people can do to protect themselves,” Hudachko said. “Our website, health.utah.gov, provides good information for protecting credit.”
Utah Gov. Gary R. Herbert has called for a comprehensive audit of all state technology security and data storage procedures, as well as a specific audit of the handling of personal information in this incident, according to an April 11 news release from the governor’s office.
“Individuals provide sensitive personal information to the government in a relationship of trust. It is tragic that not only data was breached, but now individual trust is also compromised,” Herbert said. “DTS is doing everything they can to restore security. Now we must do everything we can to restore trust.”
Concerned citizens should call 855-238-3339 to see if their information was involved. The number is toll-free and staffed 24 hours a day with both English- and Spanish-speaking assistants.
ByBy Charli Engelhorn