Gov. Gary Herbert has fired the state's top computer nerd in the wake of the Medicaid data breach. That earns the governor one point for enforcing accountability, but it won't do much for the 780,000 Utahns whose identities have been compromised and the 280,000 of those whose Social Security numbers were stolen. The sad truth appears to be that it is almost impossible to put this cat back in the bag.
More than six weeks after the initial theft of data from an unsecured computer server, the Herbert administration still is scurrying around trying to figure out new ways to help the victims. On Tuesday, the governor announced the appointment of a health data security ombudsman who will oversee individual case management, credit counseling and public outreach. The state is making available free credit monitoring service to victims for a year.
Herbert announced that he had asked for the resignation of Stephen Fletcher, director of the Department of Technology Services. The governor asking for Fletcher to fall on his sword was appropriate, if belated. The data should have been encrypted. It wasn't. In addition, something went awry at the "password authentication level," whatever that means, "allowing the hacker to circumvent the security system" on the server.