Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Utah's Medicaid Data Breach Worse Than Expected

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 12 Apr 2012 01:50:02 -0500 (CDT)
http://www.informationweek.com/news/healthcare/security-privacy/232900128

By Nicole Lewis
InformationWeek
April 11, 2012
A new tally of files stored on a server that contained Medicaid information at the Utah Department of Technology Services (DTS) reveals that 780,000 individuals have been affected by the theft of sensitive information. That's far worse than initial estimates.
The data breach occurred on March 30, when a configuration error occurred at the password authentication level, allowing the hacker, located in Eastern Europe, to circumvent DTS's security system.
"The server was a test server and when it was put into production there was a misconfiguration. Processes were not followed and the password was very weak," Stephanie Weiss, spokesperson for DTS, told InformationWeek Healthcare.
On Monday DTS, along with the Utah Department of Health (UDOH), announced that an additional 255,000 people had their social security numbers (SSNs) stolen by hackers from a computer server last week. Until last Friday, authorities had estimated that only 25,096 individuals had their SSNs compromised. That brought the revised figure up to 280,096. 

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org
Previous By Date Next
Previous By Thread Next

Current thread: