Theft of Medicaid data in Utah may have been joint effort between hackers, insiders
The number of Utah citizens affected by a data breach that occurred last week has grown from an initially reported 24,000 to a currently reported 780,000, according to news reports.
A new report from Utah newspaper Deseret News says Utah government officials now estimate that some 280,000 people had their Social Security numbers stolen, and some 500,000 had less sensitive data compromised.
The victims are likely to be people who visited health care providers in the past four months. Many are children who are enrolled in Children's Health Insurance Program or Medicaid, although adults are also victims, officials said.
The reports do not say how the data was stolen, but officials say that the attack has been traced to hackers in eastern Europe. But officials are also investigating employees who were known to be present during the hours of the attack.
State officials offered some details on the nature of their security defenses. Mike Lloyd, CTO at RedSeal Networks, said that based on those reports, the Utah security architecture may be prone to human error.
"They called out five distinct types of protections," Lloyd notes. "This is typical; today’s IT infrastructure is highly complex, and the defenses built into the infrastructure are every bit as complex. Unfortunately, humans don’t handle complexity well -- it’s extremely difficult to consistently follow even basic, well-established guidelines in an infrastructure that’s large, complex, and rapidly moving."
Some security processes need to be automated, Lloyd suggests. "People cannot scale to the challenge of identifying all possible cross-combinations of factors that can permit a breach such as [Utah's]," he said. "We have to deploy computers to validate that we follow our own rules, consistently, throughout our own infrastructure. So long as we rely on human effort, breaches of this sort will continue."
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024