The original data breach, as first reported by Utah Department of Technology Services (DTS), of the Utah Department of Health (UDOH) data server is worse than originally thought, according to the DTS. The DTS originally said 24,000 Medicaid claims had been accessed; however, it’s now saying 255,000 had their Social Security numbers listed in data stolen by thieves from a computer server last week and approximately 500,000 other victims had “less-sensitive personal information” stolen.
The total amount of people’s data thought to be stolen through the breach is approximately 780,000, according to the UDOH. The agency says victims are likely people who have visited a healthcare provider in the past four months. Some may be Medicaid or CHIP recipients; others are individuals whose healthcare providers were unsure as to their status as Medicaid recipients.
The DTS has begun to identify the patients, according to UDOH. The state will send letters to those affected, who willreceive one year of free credit monitoring services.
The “less-sensitive information” includes names, birth dates, and addresses. These people will also receive a letter alerting them to their situation. However the social security victims will be placed with bigger priority, according to UDOH.
The data breach initially occurred on Friday, March 30. According to UDOH, a configuration error occurred at the password authentication level, allowing the hacker to circumvent DTS’s security system.
Meanwhile, according to a report in the South Florida Sun Sentinel, up to possibly 9,500 patients at the Hollywood, Fla.-based Memorial Healthcare System had their identities stolen through an internal breach by two employees. The report says the two employees, who were trying to use the IDs to file phony tax returns, have since been fired and are under criminal investigation. The patients have received a letter and up to one-year of free credit report monitoring.
Details on how the breach occurred have not been made clear.