Weak Password Management, Employee Theft to Blame After Two Recent Medicaid Cyber Attacks


Attention, Medicaid recipients in Utah and South Carolina!

If you or a loved one uses Medicaid or either state’s program for children, be sure to urge them to monitor their credit reports, bank accounts, and other areas.

Why? Because those are the key areas hackers could target with the information obtained after a recent theft of personal information of approximately 182,000 beneficiaries of Medicaid and the Children’s Health Insurance Program in Utah, and another 228,435 Medicaid beneficiaries in South Carolina.

In Utah, the victims had their personal information stolen, and about 25,000 Social Security numbers were compromised, according to the Utah Department of Health.

Stephanie Weiss, spokeswoman for the Utah Department of Technology Services, explained that an attack on a new server on March 30 allowed an unknown hacker to download 24,000 files, and each file contained hundreds of records.

A poorly chosen, weak password was to blame for the attack.

The Salt Lake Tribune says human error is to blame, as well as an old system that lacks adequate encryption. In Utah, the fear is that people are going to think twice before they sign up for any program that shares their private information electronically.

Meanwhile, the South Carolina Department of Health and Human Services discovered on April 10 that an employee of the state’s Medicaid program had transferred personal information to his personal email account. The alleged hacker was fired last week but still hasn’t told authorities what he planned to do with the information.

The compromised records included patient names, phone numbers, addresses, birth dates, and Medicaid ID numbers. In 22,604 cases, the records also contained recipients’ Social Security numbers.

Bill Morrow, a security expert and CEO of Quarri Technologies, told InformationWeek Healthcare:

“Standard Web browsers contain critical security gaps that create significant risks to organizations’ confidential data, and online resources like webmail and social networking sites can be open windows for data leakage. A careless or malicious employee can easily steal company trade secrets, intellectual property, or leak sensitive customer information.”


Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Elaine Rigoli

Elaine Rigoli is PRIVATE WiFi's manager of digital content strategy.