In late March, hackers breached a state computer server in Utah and were able to obtain personal data on about 900,000 Medicaid patients. The Utah Department of Health reports that the hackers were able to download 24,000 files that contain sensitive information on state Medicaid patients. The original estimate had stated that only 24,000 patients were affected. However, it was later revealed that each of the stolen files contained information on up to hundreds of patients, pushing the number of affected people to almost 900,000
The security breach highlights some troubling issues associated with anyone giving their personal information to a healthcare provider, even those that use Medicaid. The hackers were able to steal the data because a state computer administrator used a simple password. The Medicaid recipients themselves had no way of either preventing the attacks from taking place or knowing that it had happened in the first place.
The stolen Medicaid data likely contained sensitive information such as patient names, addresses, Social Security numbers, birth dates, tax identification numbers, and billing codes. Essentially, the breach allowed the hackers to obtain all the information necessary to open false accounts under the patients’ names. The Utah Department of Health has stated that anyone affected by the theft should monitor his or her financial accounts and credit reports. It is also offering a free year’s worth of credit monitoring services to those affected.