When people request price quotes through the exchange, they have to share their name, address, birth date and medical history. But all this is done on a separate, secure site, said Sullivan.
"Only the informational pages were affected," he said. "It was a pure act of graffiti. Words were garbled, headlines were blurred. You couldn't access some of the pages."
The website was inoperable for about 10 days, said Sullivan, who doesn't have an estimate for what it cost to rebuild it. He doubts it had any measurable impact on business.
Because no harm was done there will be no criminal investigation, he said. "There's nothing to investigate. Do you investigate the kid who spray paints your mailbox?"
The website is maintained by the Utah Department of Technology Services, which was at fault in the Medicaid breach.
In the Medicaid case, hackers in Eastern Europe on March 30 broke into a state Medicaid server that had been mistakenly placed online with the factory password.
The two incidents have no connection, said Stephanie Weiss, a spokeswoman for the agency. "[With the health exchange] no servers were hacked. The website isn't connected to any database, only other websites."