Initially, it appeared that hackers who broke into the server were able to remove 24,000 claims. However, as the investigation progressed, DTS determined the hackers removed 24,000 files. One single file can potentially contain claims information on hundreds of individuals, the Utah Department of Health (UDOH) explained in a statement.
A server configuration error occurred at the authentication level, allowing hackers to circumvent the security system, the statement said.
"We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised. But we also hope they understand we are doing everything we can to protect them from further harm", said UDOH deputy director Michael Hales.
DTS said it would contact individuals whose personal information was compromised during the attack, with priority given to those who had their social security numbers stolen.
The agency said it identified where the breakdown occurred and has implemented new security processes to prevent future breaches. Additional steps are being implemented to improve security controls related to the implementation of computer hardware and software, as well as increased network monitoring and intrusion detection capabilities, it noted.