By Jeff Gould
Utah’s Governor has just fired the state’s CIO over a data breach that let foreign hackers steal the social security numbers of 280,000 state residents. Why did this unfortunate episode happen, and what can we learn from it?
Here are the basic facts. Sometime back in March, Romanian data pirates hacked into a state database. Utah, like many states, maintains a database of Medicaid recipients that health insurance providers query to verify a patient’s entitlement status before paying for care. Unfortunately, the way the process works is badly designed: everyone who receives health care in Utah has their name queried, whether they are on Medicaid or not. The CIO can’t be held responsible for this poor workflow design choice. Most likely the politicians are to blame, or perhaps the state department that regulates health insurance in Utah.