Anatomy of a Breach: What We All Can Learn from the Utah Medicaid Records Theft

A. DeCarlo
A. DeCarlo

Summary Bullets:       

  • The March 2012 breach of Utah’s Medicaid health care record system, originally thought to expose the records of 24,000, actually involved the personal information of hundreds of thousands more recipients.
  • Human error appears to have played a major role in opening the door to the cyber thieves.

The fallout from the recent theft of 280,000 medical records containing social security numbers and as many as 500,000 additional patient files from the Medicaid server at the Utah Department of Health continued with this week’s resignation of Stephen Fletcher from his position as the state’s Chief Information Officer.  Utah Governor Gary R. Herbert held a press conference this week to disclose plans to ensure that the attack is not repeated.  The governor announced plans for an independent audit of technology security systems, the appointment of a new health data security ombudsman, ongoing investigation by law enforcement, and personnel changes, which besides Fletcher’s resignation, reportedly also include the firing of a contractor. Continue reading “Anatomy of a Breach: What We All Can Learn from the Utah Medicaid Records Theft”