Sunday, April 8, 2012

Hackers Broke Into State Computers in Utah and Stole Medicaid Records and Other Personal Data Such as Social Security Numbers

This is bad as the social security numbers were those of children receiving public assistance.  When you look at the cause it came down a password imageinstalled by a tech that was not strong enough.  Not to really get down on the tech here but hackers today have some pretty sophisticated equipment that goes at rocket speed to try variations of passwords one after another and it could run for hours and eventually they hit the jackpot with cracking the password(s).

It was just not the credentials that were broken into, but the hacker also downloaded a huge number of files, 24k.  This was a brand new server and the hackers appeared to be in eastern Europe based on checking IP addresses.  This of course has the entire state IT on watch and free credit reports will once again be rolling out.  As patients we can’t get our own records but others, including hackers in this instance sure don’t seem to have a problem.  BD


----------------


Utah health officials said Friday that hackers who broke into state computers last weekend stole far more medical records than originally thought, and the data likely includes Social Security numbers of children who have received public assistance

.

Approximately 182,000 beneficiaries of Medicaid and the Children's Health Insurance Program had their personal information stolen, and about 25,000 Social Security numbers were compromised, Utah Department of Health officials said.

The information was stolen from a new server at the Health Department, Weiss said. Although the state has multiple layers of security on every server, a technician installed a password that wasn't as secure as needed.

Based on the hacker's IP address, which identifies a computer on the Internet, Utah's recent attack likely came from eastern Europe, Weiss said. Someone started downloading the files Sunday, and the server was taken offline Monday after the state's security software caught the attack.

http://www.businessweek.com/ap/2012-04/D9TVMGA01.htm

No comments:

Post a Comment