
Medicaid Hacked: Over 181,000 Records and 25,000 SSNs Stolen

An anonymous reader writes "The Utah Department of Health has been hacked. 181,604 Medicaid and CHIP recipients have had their personal information stolen. 25,096 had their Social Security numbers (SSNs) compromised. The agency is cooperating with law enforcement in a criminal investigation. The hackers, who are believed to be located in Eastern Europe, breached the server in question on March 30, 2012."
  • by gstrickler ( 920733 ) on Sunday April 08, 2012 @10:10PM (#39615701)

    You say they are compliant. However, if they're rejecting claims because you're including information that they don't use, they're not compliant with the standard. From the X096/X097/X098 4010 837 transaction set implementation guides:

    1.3 Business Use and Definition
    ...
    Trading partners agreements are not allowed to set data specifications that conflict with the HIPAA implementations. Payers are required by law to have the capability to send/receive all HIPAA transactions. For example, a payer who does not pay claims with certain home health information must still be able to electronically accept on their front end an 837 with all the home health data. The payer cannot up-front reject such a claim. However, that does not mean that the payer is required to bring that data into their adjudication system. The payer, acting in accordance with policy and contractual agreements, can ignore data within the 837 data set. In light of this, it is permissible for trading partners to specify a subset of an implementation guide as data they are able to process or act upon most efficiently. A provider who sends the payer in the example above, home health data, has just wasted their resources and the resources of the payer. Thus, it behooves trading partners to be clear about the specific data within the 837 (i.e., a subset of the HIPAA implementation guide data) they require or would prefer to have in order to efficiently adjudicate a claim. The subset implementation guide must not contain any loops, segments, elements or codes that are not included in the HIPAA implementation guide. In addition, the order of data must not be changed. Trading partners cannot up-front, reject a claim based on the standard HIPAA transaction.

    I don't have the 5010 guides, but I'm sure you'll find the same or similar language.

  • Re:As they should be (Score:5, Informative)

    by arth1 ( 260657 ) on Sunday April 08, 2012 @10:40PM (#39615847) Homepage Journal

    This idea of blame the victims don't blame the criminals that so many on Slashdot have is stupid.

    I don't see this much. I see a lot of blaming the criminals and those who made it easy for the criminals.
    That B is responsible too doesn't take any blame away from A. Just like if your handyman forgets to lock the door, it doesn't make the burglar any less responsible; it only adds blame to the handyman.

    Remember, the victim here isn't the Utah Department of Health, it's the users of the services. The Utah Department of Health gets some blame too, not instead.
    If any of the victims are to blame for anything, it's voting for a system that puts everything to the lowest bidder, making shit like this a common occurrence and impossible to safeguard against.
