Hackers Steal Health Records

The latest major security breach of medical records, involving hackers stealing documents that contain Social Security numbers, has put 280,000 patients in Utah at serious risk of identity theft.

The March 30 breach also compromised names, birth dates and addresses, thereby putting an additional 500,000 patients at risk, Utah authorities said. Other information in the records could include diagnosis codes, national provider identification numbers, provider taxpayer identification numbers and billing codes, state officials say.

The patients' names were sent to the state over the past four months as part of a Medicaid eligibility inquiry, according to the Utah Department of Health.

Utah's Department of Technology Services says a configuration error at the password-authentication level allowed hackers to circumvent security. Cyber thieves started removing data from the compromised computer server on April 1. DTS discovered the breach the next day and shut down the server, noted state officials, which released a list of frequently asked questions.

"DTS has processes in place to ensure the state's data is secure, but this particular server was not configured according to normal procedure," the Health Department says in a statement. "DTS has identified where the breakdown occurred and has implemented new processes to ensure this type of breach will not happen again."

Patients whose Social Security numbers are believed to have been stolen will receive a year's worth of credit monitoring courtesy of the state. The FBI and local law enforcement authorities are investigating.

Initial indications suggest that the attack may have originated in Eastern Europe, according to news reports quoting a Health Department spokesman.