An inadequately protected server at the Utah Department of Health was the entrance that hackers used to steal 24,000 files that contained information from 181,604 Medicaid and Children's Health Insurance Program recipients last week, according to a report from The Salt Lake Tribune.
The majority of the data was stolen between April 1-2, and was only detected after the Department of Technology Services noticed an "unusual volume [of data] streaming out of the server."
Utah Department of Health spokesman Tom Hudachko said that this incident occurred because there was a configuration error at the level where passwords are entered in one server out of the department's 125 servers. The department's processes to ensure that state data is secure were not configured according to normal procedures on this server, which Boyd Webb, the agency's chief information security officer, says was "just a mistake."
The breach was originally reported on Wednesday as involving 24,000 claims, which has now been updated to state that the number actually refers to files, not claims. Each individual file can contain information on hundreds of individuals, often including health conditions, birth dates, addresses, physicians' names and other private information, says The Salt Lake Tribune. Of the 181,604 victims, 25,096 appear to have had their Social Security numbers compromised. Two-thirds of the Medicaid recipients are children.
The state is offering free credit-monitoring for one year to all of the victims, but credit fraud detection can often be very difficult to catch for children, who might not require good credit until applying for student loans or buying a car. Michael Hales, the Health Department's Medicaid director, says that the services will cost taxpayers approximately $460,000.
Investigators of the attack have said that the breach was traced to Eastern Europe, but it is still uncertain whether or not that is where the hacking originated.