By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Server Hack Leads to HIPAA Violation by Utah Department of Health
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Uncategorized > Server Hack Leads to HIPAA Violation by Utah Department of Health
Uncategorized

Server Hack Leads to HIPAA Violation by Utah Department of Health

onlinetech
onlinetech
Share
4 Min Read
SHARE

A configuration error at the authentication level of a server allowed hackers from Eastern Europe to access 25,000 social security numbers and the personal records of over 181,000 individuals collected by the Utah Department of Health (UDOH). The server was managed by the Utah Department of Technology Services (DTS).

A configuration error at the authentication level of a server allowed hackers from Eastern Europe to access 25,000 social security numbers and the personal records of over 181,000 individuals collected by the Utah Department of Health (UDOH). The server was managed by the Utah Department of Technology Services (DTS). In the process of moving Medicaid claims records to a new server, hackers were able to access ePHI despite the DTS’s security system, resulting in the latest HIPAA violation.

Hackers removed 24,000 files from the server – according to the UDOH, one file can potentially contain claims information on hundreds of individuals. The UDOH reports that the DTS servers have multi-layered security systems containing perimeter security, network security, identity management, application security and data security, but the question remains, would they pass a HIPAA audit of their controls?

The UDOH claims that the DTS has process in place to secure their data, but the “particular server was not configured according to normal procedure.” This may have simply been an oversight by DTS staff, but it also raises the question of whether or not their employees are trained in HIPAA security policies and procedures.

More Read

How to make sure your favorite health food is as healthy as it sounds [Infographic]
Is Age Just a Number, or a Challenge to Widespread HIT Adoption?
IBM File System Scans 10 Billion Files in 43 minutes
The role of digital therapy in changing the future of healthcare
Rationing the Doctor’s Time

An IT or data center organization that handles ePHI on their servers need to have multiple layers of security, including staff trained to implement technology in accordance with HIPAA standards. The DTS should have an appointed security and risk management officer employed to oversee training, with documented dates of completion.

The UDOH blog states the DTS has implemented new processes to prevent a future breach, including improving security controls related to implementing computer hardware and software, and increasing network monitoring and intrusion detection capabilities.

In a previous blog, I wrote about What to Look for in a Cloud Hosting Provider, highlighting the U.S. General Services Administration (GSA)’s Dave McClure’s criteria for a secure cloud hosting provider. One criterion included the need for continuous monitoring with real-time alerts instead of post-breach audits. The same holds true when seeking a HIPAA hosting or HIPAA cloud hosting provider – network monitoring can alert IT staff of any unauthorized access to a server and allow them to move quickly to remediate.

For more on HIPAA violations, including violation types, minimum and maximum penalties, and common mistakes made by companies resulting in a data breach, read What is a HIPAA Violation?

References:
Impact of Medicaid Data Breach on DTS Server Widens
Data Breach of 24,000 Medicaid Claims by Hackers
Medicaid Hacked: Over 181,000 Records and 25,000 SSNs Stolen

TAGGED:data breachhipaa violation
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Nurse Scheduling Software
Evaluating 7 Best Nurse Scheduling Software
Nursing Technology
October 28, 2025
contamination
Batch Failures And The Hidden Costs Of Contamination
Health Infographics
October 21, 2025
Medication Management For Seniors
Simplifying Medication Management For Seniors
Infographics Senior Care
October 21, 2025
Guide To Pursuing a Career in Nursing as a Foreigner in the USA
Collaboration Is the Prescription for Better Patient Care
Health
October 20, 2025

You Might also Like

Video: Healthcare on Cloud

September 28, 2011

Can Media handle the Healthcare news?

January 20, 2011
fight with illness
Uncategorized

5 Easy Ways You Can Fight Off Illness

June 9, 2021
BusinessHealth careHospital AdministrationMarketingMedical EducationMedical InnovationsMedical RecordsTechnologyUncategorized

The Importance Of Medical Labels And Supplement Labels

February 4, 2020
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?