The February 2023 issue of IEEE Spectrum is here!

Close bar

Utah's Medical Record Data Breach Reveals Violation of Security Protocol

Data not deleted within a day as required

2 min read
Utah's Medical Record Data Breach Reveals Violation of Security Protocol

About a month ago, I blogged about the medical record breach at Utah's Department of Health (UDOH). Nearly a million patient medical records were stolen by suspected Eastern European hackers. When the story first broke, the state blamed the incident on a technician who “installed a password that wasn't as secure as needed” on a new server that had been placed into service just three months earlier.

Well, news stories like this one in the Salt Lake Tribune are now reporting that UDOH has partly shifted its stance, admitting the breach was made worse because the medical record data, instead of being erased each day as its own security protocols require, was left to accumulate on the server from the time it was first installed. UDOH is keeping quiet, however, about why the security protocol was not followed, as well as why compliance with the protocol and password requirements weren’t checked as a matter of course when the new server was brought online.

UDOH is also refusing to say whether those responsible for the security breach have been disciplined, something that those whose medical records were compromised have been asking about. In response to these inquiries, the department's executive director, David Patton, was quoted as saying that, "We’re in the mode of trying to help people, not find culprits."

So far, only 20 000 people have taken up the state’s offer of one year of free credit monitoring, although part of the slow uptake is being blamed on the state’s approach to victim outreach. According a separate story published by the Tribune, the letters from the state sent to potential victims concerning the breach direct them to “call a hot- line and enter their Social Security number.” Many folks, the Tribune reports, fear the letters they are receiving are part of some scam, since this type of request is exactly what  Utah’s government officials routinely advise state residents never to comply with. And even if you believe the letter is legit and follow the enclosed directions, the Tribune says, the operators manning the victim hotline are apparently only able to read from a script and have been instructed not to answer any questions posed to them by callers!

And speaking of engineering mistakes, according to an article in Computer World, an Apple programmer forgot to turn off a “debugging switch” in the latest version of Apple’s Lion operating system. The consequence of the error is that it can reveal “the passwords for material stored in the first version of FileVault, the company's encryption technology.” The issue doesn’t affect those with the latest version of FileVault, however.

The Conversation (0)

An IBM Quantum Computer Will Soon Pass the 1,000-Qubit Mark

The Condor processor is just one quantum-computing advance slated for 2023

4 min read
This photo shows a woman working on a piece of apparatus that is suspended from the ceiling of the laboratory.

A researcher at IBM’s Thomas J. Watson Research Center examines some of the quantum hardware being constructed there.

Connie Zhou/IBM

IBM’s Condor, the world’s first universal quantum computer with more than 1,000 qubits, is set to debut in 2023. The year is also expected to see IBM launch Heron, the first of a new flock of modular quantum processors that the company says may help it produce quantum computers with more than 4,000 qubits by 2025.

This article is part of our special report Top Tech 2023.

While quantum computers can, in theory, quickly find answers to problems that classical computers would take eons to solve, today’s quantum hardware is still short on qubits, limiting its usefulness. Entanglement and other quantum states necessary for quantum computation are infamously fragile, being susceptible to heat and other disturbances, which makes scaling up the number of qubits a huge technical challenge.

Keep Reading ↓Show less