Utah Medicaid Breach Serves as Another Wakeup Call

An employee of the Utah State Department of technology must have hit the snooze button when he launched a test server that resulted in the breach of 780,000 Medicaid records including over 250,000 Social Security numbers.

The Governor of Utah was quoted in the Salt Lake Tribune saying “Individuals provide sensitive personal information to the government in a relationship of trust. It is tragic that not only data was breached, but now individual trust is also compromised.”

Words like “tragic” are generally associated with death, not data breaches, nonetheless, it’s not good to have your Social Security number in the hands of a criminal. The data breached will most certainly cause thousands of people to suffer from identity theft. New lines of credit opened by the thief will go unpaid and ruin good credit ratings.

While we do not have all of the specific details of the incident in Salt Lake City, it appears that the systems in question may have had the encryption measures required, but that a single weak password may have provided access to these sensitive records. This is another reminder that the failure to implement organizational security policies is, in itself, a weak link in IT security.

Security is the responsibility of the ones who are in charge, those who hold the keys. In my home, it’s me. In your house, it’s you. And you can put all the locks on a house that you need, but if you leave a window open or a thief chooses to look under your doormat for a front door key, he can easily enter and rob you blind.

For consumers a comprehensive antivirus, antispyware, antiphishing and firewall is just the beginning. Make sure your computer us up-to-date with all its critical security patches and your browser is secured too.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.