Dept. of Technology Services CIO resigns over UDOH data breach

Posted at 3:29 PM, May 15, 2012
and last updated 2012-05-15 19:39:55-04

SALT LAKE CITY -- The Chief Information Officer of Utah's Department of Technology Services resigned Tuesday morning following a massive data breach at the Utah Department of Health.

J. Stephen Fletcher resigned at the request of Governor Gary Herbert.

"The State of Utah must restore the trust placed in it," Herbert said in a news conference Tuesday afternoon. "Cyber-security is the modern battlefront and we are all enlisted-you, me, our state agencies, the Legislature-all of us have a critical role to play."

Mark VanOrden, a 28-year information technology veteran, was appointed as acting director of the DTS.

Computer hackers stole information such as Social Security numbers, names and addresses from an estimated 780,000 people.

Earlier this month, UDOH reported a computer server was put online with a weak password. On March 10, hackers attacked it. On March 30, the hackers began downloading people’s personal information. Employees at the Utah Department of Technology Services discovered it on April 2.

While the data breach initially affected Medicaid and Children’s Health Insurance Program patients, UDOH acknowledged private healthcare providers had also run names through the database for billing purposes, to see if people qualified for Medicaid.

A pair of audits and a criminal investigation by the FBI were launched following the breach.

"Please know that no one from the State will contact you and ask for information over the phone or via email regarding this incident. Do not provide private information, especially not a Social Security Number or account information, in response to a phone call or email you did not initiate," Herbert said. "This incident is a tragic reminder that it is a different world in which we live. The dynamics continue to change and there is a very real and growing cyber threat."

UDOH has posted the following information for updates and resources regarding the data breach:

For more information on identity theft protection, visit the following link:

Download the health department’s info sheet: “What Can I Do To Protect My Credit?