More than a month ago, State of Utah found out that their servers were under attack by Eastern European hackers. They’ve got access to a server, which was used to receive service claims of Medicare, Medicaid and children’s health. Even more unfortunate is that health care specialists commonly submit information about other patients too, simply because it’s easier to determine if they may qualify for coverage.
What that means is that the victims can be anyone using healthcare service. The day when this attack started was March 30 – hackers began to extract the names, birth dates, addresses and other personal and sensitive information about 500,000 Utah residents. Additionally, there was a leak of 280,000 social security numbers, that hackers captured. How did hackers accessed this highly sensitive information?
The new state’s CIO, Mark VanOrden, told, that 99% of information is behind two firewalls, however, the stolen information was not. Additionally, it wasn’t even encrypted, and it even had default passwords. They say that this server was originally installed by a third-party developer and that there were no security audit procedures ever proceeded. That means that there were no data encryption, data wasn’t cleaned out when not needed, all the default passwords weren’t changed, and no penetration tests were performed.
Now the Utah state offers a one year credit monitoring program to all the victims whose information was stolen. For more information about it and advices follow this link: Health.utah.gov. Nonetheless it’s a fact that one year won’t cover the real threat of protection, because your social security number is with you for life. However, Dr Patton says, that after one year this information “goes stale”.
This incident will make a notice for all the states in US, that citizens information has to be kept secure. The procedures of the audit were created for defending the sensitive information, but they have to be actually used. It will make fighting against cybercrimes way easier, and won’t leave people haunted by these incidents for all life.