Officials downplay insurance exchange hack

The web portal for the Utah Health Exchange was hacked and littered with "graffiti" last month, rendering the site useless for a little more than a week, the Salt Lake Tribune reported this week. The attack is the second this year for a statewide healthcare entity, but is unrelated to the breach last March that jeopardized medical information for hundreds of thousands of Medicaid patients, according to a state official.

Mike Sullivan, a spokesman from the Governor's Office of Economic Development, told the newspaper that the graffiti consisted of "garbled" words and "blurred" headlines, but only on informational pages for the website. He added that no criminal investigation would be conducted, comparing the incident to a "kid who spray paints your mailbox."

In the incident last March, Eastern European hackers gained access to healthcare information for nearly 780,000 Medicaid patients in Utah. Social Security numbers for 280,000 beneficiaries also were compromised during the attack, in which the hackers took advantage of information that had mistakenly been placed online and left there too long with the factory password.

The state of Utah is not the only entity to experience multiple health data breaches of late. The University of Miami Hospital suffered one breach in July when two former employees inappropriately accessed registration "face sheets" that contained patient information including names, addresses and dates of birth; another breach occurred last November, according to SunSentinel.com, when a briefcase with a USB drive containing personal information for more than 1,200 patients was stolen out of an employee vehicle.

The University of Texas M.D. Anderson Cancer Center, meanwhile, suffered a pair of breaches as well. One breach took place in July when a medical student trainee riding on an employee shuttle bus lost an unencrypted portable hard drive that contained information for 2,200 patients. An earlier breach occurred at the end of April when a laptop containing data on more than 30,000 patients was stolen out of an employee's home.

A Government Technology story this week suggested that states planning on running their own health insurance exchanges may want to re-examine cybersecurity efforts.

To learn more:
- read the Salt Lake Tribune article
- here's the Government Technology piece