Originally posted by Kyle Murphy via EHRintelligence.com
Hollywood has taught me many valuable lessons about heists. First, the hardest kinds of steals involve cracking state-of-art security and infiltrating nearly impregnable safes. Ocean’s Eleven and its sequels required a small army of specialists to achieve such feats. Second, the easiest heists to pull occur when the target is either on the move or recently settled (e.g., The Italian Job). All of this brings me to data migration.
Utah’s Department of Health (DOH) just reported the breach of 24,000 Medicaid records, which typically include a patient’s name, address, date of birth, SSN, physician’s name, national provider identifiers, tax identification numbers, and procedure codes for billing. The attack originated in Eastern Europe and occurred on March 30 after the DOH had migrated these data to new servers, which (ironically) were less secure than the original servers.
No information is absolutely safe, but security measures can be put in place to encrypt information and render it unreadable to hackers — it would seem that DOH’s data were exposed. The department is providing credit monitoring services to individuals affected by the breach.
Most of the discussion in health IT circles focuses on security for protected health information (PHI) in use by physicians and other health care providers. The DOH’s experience is yet another reminder that security begins at the top.
Listen to KCPW’s Whittney Evans’s report.