Improving Our Security
Both the Utah Department of Health (UDOH) and the Utah Department of Technology Services (DTS) are taking significant steps to make sure a data breach like this never happens again.
How Did the State First Respond?
When the data breach was first detected by the DTS, the breached server was immediately shut down.
Also, Utah Governor Gary Herbert asked for the resignation of the head of the DTS.
The type of data that was compromised during the breach is now encrypted while it resides on state servers.
What Outside Help Is the State Getting?
We have hired two internationally recognized audit firms to conduct full-scale reviews of the data breach and our ongoing response.
Deloitte and Touche, a global leader in risk, security, and privacy services, is conducting a forensic analysis of the breach and making a full-scale assessment of the state's data security and data-storage systems.
Hogan Lovells is assessing how well our overall response and our communication with affected people comply with the Health Insurance Portability and Accountability Act (HIPAA).
What Are State Agencies Doing Internally?
DTS and UDOH have each conducted extensive internal assessments of their data security and data-storage systems. As part of that work, the agencies have:
- Analyzed all state servers for vulnerability to hacking.
- Increased network monitoring and intrusion-detection capabilities.
- Improved security controls and equipped each server with many layers of security:
  - Perimeter security
  - Network security
  - Identity management
  - Application security
  - Data security
- Reviewed all security policies and procedures, and trained all staff members to know them inside out.
- Encrypted the type of data that was breached.
- Reviewed our health-information security and privacy policies with the Digital Health Services Commission.