SALT LAKE CITY — Hackers accessed 24,000 files on state computer servers that house Medicaid claims, state officials announced Wednesday.
The breach appears to have taken place on Friday. The hackers are believed to be operating out of Eastern Europe and circumvented the server’s multi-layered security system, said Stephen Fletcher, executive director of the state’s Department of Technology Services.
After the information was accessed on Friday, hackers began downloading the data on Saturday.
“We discovered this on Monday and shut down the servers,” Fletcher said. “We took it offline and immediately began taking steps to make sure our other servers were protected.”
Michael Hales, deputy director of the Utah Department of Health and the state Medicaid director, said data on the claims included client names, birth dates, addresses, tax identification numbers and specific diagnosis and treatment information. Fortunately, he said, most of those claims do not include Social Security numbers.
“We use a client identifier that is not a Social Security number in most cases,” he said. “We know there were 24,000 (files) but we don’t have the final count as to how many individuals may have been affected.”
Files often contain claim information on more than one individual. Department of Health officials said it appears likely that at least, and most likely more than, 24,000 unique clients would have had their information compromised.
DTS is reviewing every server in the state to ensure proper security measures are in place, Hales said. In addition, the agency is conducting an investigation to identify individual Medicaid providers whose protected information may have been breached.
“It is our priority to notify and assist these clients,” Hales said. “As soon as we identify them, we will send a letter out giving them specific instructions and what we will do to help them.”
Fletcher and Hales said they are also working with law enforcement to try to find the hackers.
In the meantime, Medicaid clients are encouraged to watch their bank accounts and credit card statements for any unusual activity. Those whose Social Security numbers were compromised will receive free credit monitoring services.
Questions?
For more information on the breach of state Medicaid files, go to www.health.utah.gov or call 1-800-662-9651.
Comments