comScore 780,000 People Affected in Utah Medicaid Hack | The Mary Sue

Utah Medicaid Hack Affects Estimated 780,000, 280,000 Social Security Numbers Nabbed


Late last month, the private information of people within the Utah medicaid system was accessed by nefarious hackers. The initial numbers of around 180,000 people affected were troubling enough, but those have ballooned several times over. The Utah Department of Health is now reporting that 280,000 people had their Social Security Numbers exposed and an additional 500,000 had less sensitive information — such as names and addresses — accessed.

There is some modicum of good news in all of this: 255,000 of the accessed SSNs did not have corresponding information such as a name. This limits the utility of the number somewhat, but it also limits the Utah government’s ability to inform people that their information has been compromised. In order to protect those affected, the Utah Department of Health is extending a year of free credit monitoring to anyone whose SSN was accessed in the hack.

It should be noted that the 780,000 figure is likely an estimate. As noted above, the Utah Department of Health counts 255,000 SSNs that were accessed, and says an additional 350,000 individuals who had less sensitive information accessed. The figures are likely based off the number of files taken in the hack — around 24,000. An estimated figure of 780,000, presumably a projected maximum, is likely being distributed so as to avoid the number being reported as going any higher.

The attack began on March 30, when a misconfigured server allowed hackers to bypass password protection and access the information of people within the Utah medicaid system. According to the Utah Department of Health, this includes:

[…] people who have visited a health care provider in the past four months. Some may be Medicaid or CHIP recipients; others are individuals whose health care providers were unsure as to their status as Medicaid recipients.

More information about the breach, along with resources for people who are concerned that their information may have been exposed, is available at the Utah Department of Health website. Because of the information involved, the Department of Health is warning that people be on the look out for scammers using the breach, or information obtained in the breach.

Their rule of thumb is for people to not supply information to anyone that approaches them, rather that they go directly to the Department of Health with their concerns.

(Utah Department of Health via The Verge, ZDNet via Slashdot, image via SurvivalWoman)

Relevant to your interests

Have a tip we should know? [email protected]

Filed Under:

Follow The Mary Sue: