Utah Health Data Breach Affects Nearly 800,000
Theft of Medicaid data in Utah may have been joint effort between hackers, insiders
The number of Utah citizens affected by a data breach that occurred last week has grown from an initially reported 24,000 to a currently reported 780,000, according to news reports.
A new report from Utah newspaper Deseret News says Utah government officials now estimate that some 280,000 people had their Social Security numbers stolen, and some 500,000 had less sensitive data compromised.
The victims are likely to be people who visited health care providers in the past four months. Many are children who are enrolled in Children's Health Insurance Program or Medicaid, although adults are also victims, officials said.
The reports do not say how the data was stolen, but officials say that the attack has been traced to hackers in eastern Europe. But officials are also investigating employees who were known to be present during the hours of the attack.
State officials offered some details on the nature of their security defenses. Mike Lloyd, CTO at RedSeal Networks, said that based on those reports, the Utah security architecture may be prone to human error.
"They called out five distinct types of protections," Lloyd notes. "This is typical; today’s IT infrastructure is highly complex, and the defenses built into the infrastructure are every bit as complex. Unfortunately, humans don’t handle complexity well -- it’s extremely difficult to consistently follow even basic, well-established guidelines in an infrastructure that’s large, complex, and rapidly moving."
Some security processes need to be automated, Lloyd suggests. "People cannot scale to the challenge of identifying all possible cross-combinations of factors that can permit a breach such as [Utah's]," he said. "We have to deploy computers to validate that we follow our own rules, consistently, throughout our own infrastructure. So long as we rely on human effort, breaches of this sort will continue."
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024