Following a recent data breach that exposed 780,000 Medicaid recipients' personal data, Stephen Fletcher, executive director of Utah's Department of Technology Services, has resigned.
"While Mr. Fletcher was not directly responsible for the data breach, the exposed medical records had been lingering on state computers for months despite protocol to erase submitted data within 24 hours," notes Becker's Hospital Review's Kathleen Roney.
"The compromise of even one person's private information is a completely unacceptable breach of trust," Utah Governor Gary R. Herbert said in a statement. "The people of Utah rightly believe that their government will protect them, their families and their personal data. As a state government, we failed to honor that commitment. For that, as your Governor and as a Utahn, I am deeply sorry."
"According to officials, the breach stemmed from a configuration error at the password authentication level allowing the hacker to circumvent the security system," writes Web Host Industry Review's Nicole Henderson. "Herbert says data on its servers will now be encrypted on the server, and not just in transit."
In Fletcher's place, Herbert has appointed Shiela Walsh-McDonald as the state's new Health Data Security Ombudsman and Mark VanOrden, IT director for the Utah Department of Workforce Services, as acting director of the Department of Technology Services.
Herbert also announced that Deloitte & Touche is currently conducting a security audit of the state's information technology systems.
"The state also will hire a public relations firm to handle crisis communications and offer free credit monitoring to the victims," notes CMIO's Beth Walsh.