Utah breach affects 25,000 Social Security numbers

Apr 06, 2012 By JOSH LOFTIN, Associated Press

(AP) -- Utah health officials said Friday that hackers who broke into state computers last weekend stole far more medical records than originally thought, and the data likely includes Social Security numbers of children who have received public assistance.

Approximately 182,000 beneficiaries of Medicaid and the Children's Health Insurance Program had their personal information stolen, and about 25,000 Social Security numbers were compromised, Utah Department of Health officials said.

Officials originally estimated that about 24,000 people had their records stolen after someone attacked a server beginning March 30. But the culprit actually downloaded 24,000 files, and each file contained hundreds of records, said Stephanie Weiss, spokeswoman for the Utah Department of Technology Services.

The information was stolen from a new server at the Health Department, Weiss said. Although the state has multiple layers of security on every server, a technician installed a password that wasn't as secure as needed.

"We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised," said Michael Hales, deputy director of the Health Department. "But we also hope they understand we are doing everything we can to protect them from further harm."

Clients whose information was stolen will be alerted, with the first priority being those whose Social Security numbers were taken, Health Department spokesman Tom Hudachko said. The department is offering free credit monitoring for a year to anyone whose information was stolen and has established a hotline for concerned clients to call.

There is no way to narrow down the potential victims to a specific area of the state because the claims come from clinics throughout Utah, Hudachko said. Also, because providers have up to a year to file a claim, it is difficult to even narrow it down to recent patients.

While the investigation is ongoing, Hudachko said the department is recommending that every Medicaid client monitor credit reports, bank accounts and other areas the hackers could target with the information.

Monitoring financial accounts and credit reports is an important first step, but somebody who knows their identity has been stolen should also alert the three credit bureaus about potential fraud, said Kirk Torgensen, a chief deputy with the Utah attorney general's office who specializes in identity theft.

Protecting children can be more difficult, since they will normally not have a credit report, credit cards or bank accounts to monitor. To assist parents, the state has partnered with the credit bureau TransUnion to provide a way for a child's Social Security number to be registered and their credit essentially frozen until they are old enough to need it.

The website, http://www.idtheft.utah.gov, also allows victims of fraud to file an affidavit that will reduce the amount of time - sometimes hundreds of hours - that identity theft victims have to spend fixing their credit.

Based on the hacker's IP address, which identifies a computer on the Internet, Utah's recent attack likely came from eastern Europe, Weiss said. Someone started downloading the files Sunday, and the server was taken offline Monday after the state's security software caught the attack.

Attacks on other state servers haven't been discovered, "but we're continually reviewing them to make sure they're secure," Weiss said.

More information: Concerned clients can call the Health Department's hotline at 800-662-9651 or go to http://www.health.utah.gov/databreach for more information.
