The Utah Department of Technology Services announced this week that it was investigating the security breach of a new server housing Medicaid claims records for the state’s Department of Health. “Very sophisticated” hackers, believed to be operating out of eastern Europe, accessed the server which had recently replaced an older one, and the compromised data from approximately 24,000 claims records may include patients’ names, addresses, dates of birth, and Social Security numbers, as well as providers’ names, addresses, tax ID numbers, and National Provider Identifiers.
Steve Fletcher, executive director of the DTS, stated that the new server had “weaker controls” then the old one it was replacing, and this vulnerability was apparently exploited by the hackers. The records stored on this new server were not encrypted. The DTS is working to determine how the security system was breached and how to prevent future data theft.
Security and adherence to the Health Insurance Portability and Accountability Act (HIPAA) are critical to any entity handling patient information, including those doing medical billing. While applications like Medisoft and Lytec are HIPAA-ready, there are additional measures that can help safeguard against data breaches and theft. For more information regarding tightening security and preventing unauthorized access to your practice’s protected data, contact Microwize Technology today.