On Monday, the Utah Department of Health announced that a recent health data breach could affect nearly 800,000 state residents, significantly more than previous estimates, the Salt Lake Tribune reports (Stewart, Salt Lake Tribune, 4/10).
Last week, UDOH officials said that the breach involved information on 181,604 Medicaid and Children's Health Insurance Program beneficiaries. The agency initially reported that the breach involved about 24,000 Medicaid files.
According to UDOH, the breach occurred on March 30 as Utah Department of Technology Services technicians were exchanging computer servers.
Stephen Fletcher -- executive director of UDTS -- said it appeared that "very sophisticated" hackers used passwords to access a server, but officials are uncertain about how the hackers bypassed security (iHealthBeat, 4/9).
Scope of Breach Expands
In its Monday announcement, UDOH said the breach could have exposed the Social Security numbers of as many as 280,000 Utah residents, as well as less sensitive data -- such as names and birth dates -- on about 500,000 residents.
Tom Hudachko, UDOH spokesperson, said the state is working to notify affected residents by mail. Residents whose Social Security numbers were exposed will receive one year of no-cost credit monitoring services.
According to the Tribune
, there have been no indications that the data are being used for fraudulent activities, but the FBI has launched an investigation because of the breach's scope and potential for harm (Salt Lake Tribune