The number of victims involved in the recent Utah Department of Health hack has climbed once again with the state health agency announcing yesterday that the breach has affected approximately 500,000 Utah residents, while an additional 280,000 residents had their Social Security numbers stolen.
The final tally is approximately 780,000 people – about 600,000 more than the agency initially reported late last week, according to a joint statement issued by the Utah Department of Technology Services (DTS) and the Utah Department of Health (UDOH).
The latest group of people affected includes Utah residents who may have recently filled out a Medicaid Eligibility Inquiry form to be sent to the state in order to see if they’d qualify for Medicaid.
The DTS has announced they will send letters to each person involved in the breach, yet will stagger sends – waiting to notify as many as 350,000 victims who had less-sensitive information, like names, addresses and birth dates stolen in the breach – opting to notify victims who had Social Security numbers stolen first.
The news is the latest following the breach of one of UDOH’s servers late last month where a hacker took advantage of a password authentication configuration error in the agency’s security system.
To date, the hack has yielded information of Utah residents that have visited a health care provider in the past four months, particularly residents that are Medicaid or Children’s Health Insurance Plan (CHIP) recipients or have expressed interest in receiving Medicaid.
With the latest influx of victims, the DTS announced it has launched a criminal investigation and is working alongside local law enforcement and the FBI going forward.