Health IT • Security breach not related to Medicaid data theft last March, officials say
This is an archived article that was published on sltrib.com in 2012, and information in the article may be outdated. It is provided only for personal research purposes and may not be reprinted.
Utah's massive Medicaid breach wasn't the only health care-related hacking of state information.
Three weeks ago someone corrupted the Web portal for Utah's Health Exchange, a virtual marketplace where small business employers and employees can shop for health insurance and obtain price quotes.
No one's personal information was compromised, said Mike Sullivan, spokesman for the Governor's Office of Economic Development where the exchange is housed.
When people request price quotes through the exchange, they have to share their name, address, birth date and medical history. But all this is done on a separate, secure site, said Sullivan.
"Only the informational pages were affected," he said. "It was a pure act of graffiti. Words were garbled, headlines were blurred. You couldn't access some of the pages."
The website was inoperable for about 10 days, said Sullivan, who doesn't have an estimate for what it cost to rebuild it. He doubts it had any measurable impact on business.
Because no harm was done there will be no criminal investigation, he said. "There's nothing to investigate. Do you investigate the kid who spray paints your mailbox?"
The website is maintained by the Utah Department of Technology Services, which was at fault in the Medicaid breach.
In the Medicaid case, hackers in Eastern Europe on March 30 broke into a state Medicaid server that had been mistakenly placed online with the factory password.
The two incidents have no connection, said Stephanie Weiss, a spokeswoman for the agency. "[With the health exchange] no servers were hacked. The website isn't connected to any database, only other websites."