Utah Governor Calls for Security Audit Following Health Data Breach


Utah Gov. Gary Herbert (R) has called for a comprehensive security audit of the state's information systems following a large-scale health data breach at the Utah Department of Health, the Salt Lake Tribune reports (Stewart, Salt Lake Tribune, 4/11).


According to UDOH, the breach occurred on March 30 as Utah Department of Technology Services technicians were exchanging computer servers.

Stephen Fletcher -- executive director of UDTS -- said it appeared that "very sophisticated" hackers used passwords to access a server, but officials are uncertain about how the hackers bypassed security.

On Monday, UDOH announced that the breach could affect nearly 800,000 state residents. The agency previously reported that the breach involved information on 181,604 Medicaid and Children's Health Insurance Program beneficiaries (iHealthBeat, 4/10).

Audit Details

Herbert spokesperson Ally Isom said the governor has asked UDOH and the state Department of Administrative Services to hire an independent firm to audit all state data systems that store personal information. The auditors also will assist with the investigation of the recent data breach and the notification of affected residents.

Meanwhile, UDOH has set up a telephone hotline to provide residents with more information about the breach. The state also is offering no-cost credit monitoring services to individuals whose Social Security numbers were exposed (Salt Lake Tribune, 4/11).

Herbert said that UDTS is "doing everything they can to restore security," adding, "Now we must do everything we can to restore trust" (Neal, Inquirer, 4/12).


A Salt Lake City Deseret News editorial states that data breaches involving the government and the health care system are "particularly egregious and harmful" for those involved.

It adds that UDOH's recent breach involved data from "people who are eligible for Medicaid, meaning they are among the most vulnerable and ill-equipped to handle" identity theft or credit fraud.

The editorial concludes, "The state should do all it can to alert potential victims, try to track down perpetrators and ensure the public such a thing won't happen again" (Salt Lake City Deseret News, 4/12).

to share your thoughts on this article.