Utah Health Department Acknowledges New Security Breach


The Utah Department of Health (UDOH) recently began notifying approximately 6,000 Medicaid clients that their personal data (including name, Medicaid identification number, age and recent prescription history) was misplaced by third-party contractor Goold Health Systems, which processes Medicaid pharmacy transactions for the UDOH.

"Late in the day on Jan. 10, a Goold employee pulled a routine report containing the names, ages and recent prescriptions for 6,000 enrollees," writes The Salt Lake Tribune's Kirsten Stewart. "Struggling to upload the report to a secure file server, the employee saved it on an unencrypted thumb drive and left the health department’s headquarters with the device. The employee had planned to upload it later, but misplaced the device while traveling between Salt Lake City, Denver and Washington, D.C., said health department spokesman Tom Hudachko."

The Salt Lake Tribune later reported that the unidentified Goold employee has been fired.

"There were no Social Security numbers or financial information included in the data, so we believe the potential risk for identity theft is minimal," UDOH Deputy Director and state Medicaid Director Michael Hales said in a statement. "Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes. Nevertheless, we understand the anxiety this will likely cause, and want clients to know we are taking all reasonable precautions to ensure the missing data cannot be used to harm individual clients or defraud the Medicaid program."

"The missing Medicaid data comes less than a year after a major breach of a Utah Department of Health server, which exposed hundreds of thousands of records containing Social Security numbers and other personally identifiable information," Government Technology reports. "That breach, still under investigation, may result in fines for the state."