|Page (1) of 1 - 04/09/12||email article||print page|
Hackers get into Utah health department recordsData breach at Utah health department expands to hundreds of thousands more potential victims
SALT LAKE CITY (AP) ' Hundreds of thousands of people could have had their Social Security numbers stolen by hackers, state health officials said Monday after discovering that the thieves downloaded thousands more files of personal information than authorities initially believed.
The revised estimates were issued after nearly 200,000 additional files were found to have been downloaded by the hackers, health department spokesman Tom Huduchko said at a news conference. Officials originally estimated that about 24,000 people had their records stolen after a computer tracked to Eastern Europe infiltrated a server beginning March 30, then changed that number to 182,000 potential victims.
The culprit actually downloaded about 224,000 files, some of which contained hundreds of records, Hudachko said. The latest discovery adds more than 750,000 people to the number of Utah residents whose personal data was taken.
The additional files contained about 250,000 Social Security numbers submitted within the last four months by health care providers to verify Medicaid coverage for a patient, as well as names, addresses or other personal information for up to 500,000 people.
The Social Security numbers didn't include other personal information, Hudachko said. About 130,000 of the numbers belong to current Medicaid recipients. Some of the victims were beneficiaries of Medicaid and the Children's Health Insurance Program, department officials said last week.
The information was stolen from a new server at the health department, said Stephen Fletcher, executive director of the Department of Technology Services. Although the state has multiple layers of security on every server, a technician installed a password that wasn't as secure as needed.
All of the files stored on the server have been reviewed, and Fletcher said it was unlikely the number of potential victims would increase again. The state also checked other servers used by agencies and have not discovered other breaches.
Clients whose information was stolen will be alerted, with the first priority being those whose Social Security numbers were taken, said Michael Hales, deputy director of the Health Department. The department is offering free credit monitoring for a year to anyone who information was stolen and has established a hotline for concerned clients.
Hales said it was important for people to monitor their credit ratings and bank accounts for fraud.
Monitoring financial accounts and credit reports is an important first step, but identity theft victims should also alert the three credit bureaus about potential fraud, said Kirk Torgensen, a chief deputy with the Utah attorney general's office who specializes in identity theft.
Protecting children from identity theft can be more difficult, since they normally will not have a credit report, credit cards or bank accounts to monitor. To assist parents, the state was working with the credit bureau TransUnion to provide a way for a child's Social Security number to be registered and their credit essentially frozen until they are old enough to need it.
A state website allows fraud victims to file an affidavit that will reduce the amount of time ' sometimes hundreds of hours ' that identity theft victims have to spend fixing their credit.
The Health Department's hotline: 800-662-9651
Related Keywords:Health Records Breach,Data privacy,Computer and data security,Technology issues,Technology,Computing and information technology,Government-funded health insurance,Government programs,Government and politics