Utah hiring crisis team to manage health data breach
Personal data • Health agency ramps up efforts to help victims, rebuild public trust.
This is an archived article that was published on sltrib.com in 2012, and information in the article may be outdated. It is provided only for personal research purposes and may not be reprinted.

The state of Utah is hiring a public relations firm to handle "crisis communications" in the wake of a health data breach that put the personal information of 780,000 people at risk.

The contract will be short-lived and will cost between $100,000 and $200,000, according to a solicitation published on May 11.

It calls for building a communications plan to "rebuild trust with the public, specifically those who were directly impacted by the breach and those who rely on the [Utah Department of Health] for critical health services."

The chosen vendor will be tasked with building a website, producing videos in multiple languages, and writing content to be distributed via the media, advocacy groups and at community forums across the state.

The damage-control blitz marks a third attempt by the Utah Department of Health to seek outside aid in managing the breach. The agency has hired two independent auditing firms to analyze the state's data security and storage systems and monitor efforts to notify and protect victims.

Those contracts will cost upwards of $1.3 million, said health spokesman Tom Hudachko. That's on top of other safeguards, including the year of free credit monitoring being offered to the 255,000 people whose Social Security numbers were compromised, estimated to cost tens of millions of dollars.

Nevertheless, advocates for the poor say the money is well spent.

"I'm pleased as punch," said Judi Hilman, executive director of the Utah Health Policy Project, who hopes the communication plan is part of a broader strategy to re-brand Medicaid.

Already stigmatized, the low-income insurance program was further tarnished on March 30 when hackers broke into a poorly protected Medicaid eligibility server. On that server were Medicaid claims and the names, birth dates, addresses and Social Security numbers of retirees on Medicare, the privately insured and uninsured — information sent by health providers and billing companies to inquire about a patient's eligibility for Medicaid.

The stolen information is not yet known to have been misused.

But victims have been slow to take advantage of the free credit monitoring. Indeed, some are just now receiving notices they were affected.

"We're hearing from families who are falling through the cracks, especially Spanish-speaking families," said Hilman. "What you don't want to have happen is for work on the breach to crowd out other priorities at the Health Department, including efforts to improve the quality and efficiency of programs like Medicaid."

kstewart@sltrib.comTwitter: @kirstendstewart —

Was your information hacked?

Protect yourself • If you've been to a Utah health provider in the past four months, or possibly the last year, your personal information may have been exposed in a state data breach. To find out, call 1-855-238-3339.