People who live in Utah and use Medicaid may want to take a close look at their bank accounts. The Utah Department of Health says that hackers accessed thousands of Medicaid claims records on March 30, 2012. People whose records were accessed are at risk of identity theft and more.
Medicaid is a public form of health insurance that is designed for low-income people who are unable to afford to purchase health insurance from a private company. In general, people must be at least age 65 before they can qualify for Medicaid. However, a younger person who had certain kinds of disabilities may also be able to qualify. In other words, this is a government run form of health insurance that is provided for people who are unable to choose another health insurance option due to their limited finances.
According to the Utah Department of Health (UDOT) a data breach occurred on March 30, 2012, with one of the servers that contained information about Utah Medicaid clients. The breach happened as technicians from the Utah Department of Technology Services (DTS) were exchanging computer servers.
At this time, Utah state officials have said that they know which employee launched that server without setting the proper layer of security first. They are not naming that person because the investigation is still active. Boyd Webb, the chief information security officer for DTS said:
“We know who works on that server. I believe it was just a mistake”.
Once this server, that did not have the proper security in place, was launched, it got hacked. Officials noticed on Monday, April 2, 2012, that the information on that server had been accessed by an unauthorized user. DTS noticed “an unusual volume of data streaming out of the server”. They shut down that server.
However, by then, it is possible that hackers had accessed much of, if not all of, the information that was contained on it. Initially, it was believed that the hackers were operating somewhere in Eastern Europe, but this is not certain. It is possible that the hackers made it appear as though that was their location, but were actually located somewhere else.
What kind of information was on that server? It contained 24,000 files that could include information such as: the names of Medicaid clients, their addresses, birth dates, Social Security numbers, physician’s names, national provider identifiers, tax identification numbers, and procedure codes that are designed for billing. Some of this information can be used for identify theft. It has been said that people who used their Social Security number as their identifier are at the highest risk for identity theft now that the data breach has occurred.
Eventually, people who are affected by this data breach will receive a letter to notify them of it. Until then, it is a good idea to keep a close watch on your bank accounts, and your credit cards. Look for transactions that you know that you did not initiate.
Image by Meta Mourphic on Flickr