Utah launches cybersecurity audit, technology director resigns following breach

A few weeks ago, Utah had a significant breach in the security of health and Medicaid patient records. According to press accounts of the incident, despite state protocols requiring the data to be wiped in the event of a breach, records sat exposed for months effecting some 280,000 people. Now, the technology director for the department effected by the breach is resigning.

In a press event in Utah yesterday, Governor Gary R. Herbert detailed the state’s response to the breach including a full-scale independent audit of technology security systems and the appointment of a new technology director. Local law enforcement is also conducting a separate investigation.

The security audit will be conducted by Deloitte.

“The State of Utah must restore the trust placed in it,” the Governor said. “Cyber-security is the modern battlefront and we are all enlisted—you, me, our state agencies, the Legislature—all of us have a critical role to play,” he added.

The Governor made a public apology to citizens effected by the breach including 500,000 individuals who had less sensitive information stored on the compromised server.

“The compromise of even one person’s private information is a completely unacceptable breach of trust,” said the Governor. “The people of Utah rightly believe that their government will protect them, their families and their personal data. As a state government, we failed to honor that commitment. For that, as your Governor and as a Utahn, I am deeply sorry.”

According to law enforcement authorities, cyber attacks on public information systems have increased 600% this year, resulting in nearly a million attempts daily by cyber terrorists or hackers to infiltrate the State IT network.

The Governor is appointing Sheila Walsh-McDonald as the new Health Data Security Ombudsman. She will oversee individual case management, credit counseling and public outreach.

The Governor also announced the resignation of Stephen Fletcher, executive director of the Dept. of Technology Services (DTS), and the subsequent appointment of 28-year IT veteran Mark Van Orden as acting director of DTS.