Utah Data Breach Escalates to 780,000 Victims
An improperly secured server maintained by the Utah Department of Technology Services (DTS) was hacked into on March 30, compromising personal health information (PHI) of thousands of people. The victims are likely to be Medicaid or Children’s Health Insurance Program (CHIP) recipients who have visited a health care provider in the past four months, and individuals whose provider recently verified his or her Medicaid status.
“It is now believed that a total of approximately 280,000 victims had their Social Security numbers stolen and approximately 500,000 other victims had less-sensitive personal information stolen,” reported the Utah Department of Health (UDOH) in an April 9 press release. “Less-sensitive” PHI may include names, dates of birth, and addresses.
The health department originally thought 24,000 individual claims had been compromised, according to an April 4 press release. Further investigation determined that 24,000 files had been removed, according to an April 6 press release, and each file can potentially contain claims information on hundreds of people. This increased the number of possible ID theft victims considerably.
According to the press release, the state will be sending letters directly to victims as they are identified. The DTS and UDOH warn that no one will be calling or emailing identified victims and asking for personal information.
Medicaid clients can call 1-855-238-3339 to find out if their information has been compromised. Additional information about the data breach can also be found on the UDOH website.