A contractor that provided software to the state was also terminated. In addition, two other IT employees are under review and could be reprimanded or fired, Utah Gov. Gary Herbert told reporters in a press conference.
According to a report by The Salt Lake Tribune, Gov. Herbert stated that Department of Technology Services director Stephen Fletcher lacked "oversight and leadership" during the incident, in which Romanian hackers are suspected of stealing Social Security data and other information from health department servers.
The breach was related to the failure to change a default password, Gov. Herbert said. The contractor provided software without proper encryption safeguards, and the state's health data in future will be encrypted at rest as well as in transit, he said.
Herbert also announced the creation of a new "health data security ombudsman" in the Department of Health and appointed Sheila Walsh-McDonald, a longtime advocate for low-income Utahns at the Salt Lake Community Action Program, according to the news report. Walsh-McDonald will help victims navigate the programs available to them to protect their information.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.