Health department tries to calm fears of data breach victims

Posted at 7:53 PM, May 02, 2012

SALT LAKE CITY -- The questions they asked were tinged with concern for their private information, stolen by faceless computer hackers in a massive data security breach. Utah Department of Health officials tried to provide them with information to protect themselves.

But many left Wednesday's public forum focusing on the data security breach frustrated.

"They passed the buck!" grumbled one man. "They didn't care."

People packed a conference room at the Utah Department of Health to find out what the state was going to do to protect their personal information that had been stolen. An estimated 780,000 people had some kind of personal information like a Social Security Number, name or address taken in a data breach.

"This is a very serious issue and we recognize that and we're taking it very seriously," said Dr. David Patton, the executive director of UDOH. "This is something we feel is a breach of public trust."

In a presentation to the crowd, UDOH said a computer server was put online with a weak password. On March 10, hackers attacked it. On March 30, the hackers began downloading people's personal information. Employees at the Utah Department of Technology Services discovered it on April 2.

While the data breach initially affected Medicaid and Children's Health Insurance Program patients, UDOH acknowledged private healthcare providers had also run names through the database for billing purposes, to see if people qualified for Medicaid.

On Wednesday, UDOH said that the servers were supposed to clear those private healthcare inquiries every day -- but it stored people's personal information for three months.

Preferring to focus on what to do moving forward instead of laying blame, UDOH officials told the crowd they should sign up for credit monitoring, paid for by the state for a year. But the state said it would not pay for a credit freeze or a fraud alert.

"They say it's up to us to find about all of this. I think it should be up to the state," one victim, who declined to give his name, told FOX 13. "We feel we've been violated by the people we trusted to protect our information."

So far, about 20,000 of the estimated 780,000 victims have signed up for credit monitoring. Many of the victims were also unaware that they were entitled to a free credit report from each of the major credit bureaus every year.

"They're doing all they can is what they're saying to us," said John Jolley, another victim of the data breach. "The problem is it's only going to be for one year. This could be for the rest of my life."

Rep. Rebecca Chavez-Houck, D-Salt Lake City, revealed she is also a victim of the data breach. She said the Utah State Legislature might look at the initial data breach itself. A pair of audits are also under way.

"I think we need to evaluate more, the circumstances that led to the breach," she said.

The FBI is also conducting a criminal investigation.

UDOH has posted the following information for updates and resources regarding the data breach:

For more information on identity theft protection, visit the following link:

Download to read the health department's info sheet: "What Can I Do To Protect My Credit?"