Officials from the Utah Department of Health issued a statement in late March saying that Eastern European hackers had stolen the personal information of 24,000 Medicaid recipients. However, as the state continued investigating the security breach, it has continued to increase the number of affected individuals. The state is now saying that almost 900,000 Medicaid recipients have had their personal information compromised because of the breach.
The security problem happened because a server technician had apparently been using a weak password. This allowed the hackers to access 24,000 files that contained Medicaid patient personal information. Each file contained sensitive information on up to hundreds of individual patients.
Health department officials are contacting each of the affected patients with a letter. They will also offer a year of free credit monitoring to anyone who has had their Social Security number stolen.
Security experts say that there is nothing an individual person could have done to prevent this loss of information. Because the thieves stole the data from a state server, a Medicaid patient had no way to protect his or her identity. Utah Medicaid patients are urged to closely monitor their credit card statements and bank accounts for any signs of unauthorized activity. Anyone who finds such activity should contact their bank or credit card company immediately and notify them of suspected identity theft.