Late last month, the private information of people within the Utah medicaid system was accessed by nefarious hackers. The initial numbers of around 180,000 people affected were troubling enough, but those have ballooned several times over. The Utah Department of Health is now reporting that 280,000 people had their Social Security Numbers exposed and an additional 500,000 had less sensitive information — such as names and addresses — accessed.
There is some modicum of good news in all of this: 255,000 of the accessed SSNs did not have corresponding information such as a name. This limits the utility of the number somewhat, but it also limits the Utah government’s ability to inform people that their information has been compromised. In order to protect those affected, the Utah Department of Health is extending a year of free credit monitoring to anyone whose SSN was accessed in the hack.
It should be noted that the 780,000 figure is likely an estimate. As noted above, the Utah Department of Health counts 255,000 SSNs that were accessed, and says an additional 350,000 individuals who had less sensitive information accessed. The figures are likely based off the number of files taken in the hack — around 24,000. An estimated figure of 780,000, presumably a projected maximum, is likely being distributed so as to avoid the number being reported as going any higher.
The attack began on March 30, when a misconfigured server allowed hackers to bypass password protection and access the information of people within the Utah medicaid system. According to the Utah Department of Health, this includes:
[…] people who have visited a health care provider in the past four months. Some may be Medicaid or CHIP recipients; others are individuals whose health care providers were unsure as to their status as Medicaid recipients.
More information about the breach, along with resources for people who are concerned that their information may have been exposed, is available at the Utah Department of Health website. Because of the information involved, the Department of Health is warning that people be on the look out for scammers using the breach, or information obtained in the breach.
Their rule of thumb is for people to not supply information to anyone that approaches them, rather that they go directly to the Department of Health with their concerns.
(Utah Department of Health via The Verge, ZDNet via Slashdot, image via SurvivalWoman)
- The U.S. Navy wants to do some console hacking
- Google Chrome hacked for $60,000 prize
- Lulzsec helps arrest its own
- Electronic voting machine hacked; votes Bender onto D.C. school board
Published: Apr 10, 2012 11:48 am