Health Data Security Breach Case Study
Utah Department of Health Data Security Breach
September 12, 2013
Accounting Information Systems
Utah Department of Health Data Security Breach
Introduction
On March 10, 2012, thousands of people fell victim to having their social security numbers, birthdays, names, addresses, and even their medical diagnosis stolen by computer hackers. On April 2, 2012, the breach was realized and 780,000 people learned that their identities were stolen and would now need to monitor their credit. Computer and internet fraud is defined by the federal law as “the use of a computer to create a dishonest misrepresentation of fact as an attempt to induce another to do or refrain from doing something which causes loss” (www.law.cornell.edu). …show more content…
A technician had placed the server online and neglected to change the factory password which was “password1,” the most common default password on the internet. Some of the victims whose identities were stolen were Medicaid recipients, but some were also privately insured, uninsured, and retirees whose information was sent to the Medicaid program in hopes of receiving their benefits. This case fits the profile of computer and internet fraud cases all over the world. Hackers gain access to databases that contain social security numbers and credit card or bank account numbers and then will most likely turn around and sell them to people who will ultimately use them for monetary gain. One way these hackers differ from other hackers is that they attacked already low-income individuals whereas most hackers will target wealthy individuals, large corporations, or small businesses. Wealthy people are targeted because they may not notice money missing right away or they will have other people controlling their accounts which makes it more difficult to notice missing information. In the Utah Department of Health data security breach, the hackers were able to steal information over a three day period before it was noticed and then the server was shut down. This is one of the many reasons that cyber-crime has become increasingly popular; because so much …show more content…
They are: perceived financial need, perceived opportunity, and rationalization. Together, these elements allow someone to commit, conceal, and convert fraud. In the data breach we’ve been discussing, the hackers had all three elements; they had a need or a reason to steal the private information, they had the opportunity to hack into the system when the technician neglected to change the default password, and they were able to rationalize it by saying that the state would have to protect all of the victims since it was their system that was compromised and it was their fault they didn’t change the password. Most of the time, if all three of these elements are not present, it is very difficult for someone to commit the fraud. For example, there may be the opportunity, but there is no reason to do it. Or, there is a reason to do it, but there is no
September 12, 2013
Accounting Information Systems
Utah Department of Health Data Security Breach
Introduction
On March 10, 2012, thousands of people fell victim to having their social security numbers, birthdays, names, addresses, and even their medical diagnosis stolen by computer hackers. On April 2, 2012, the breach was realized and 780,000 people learned that their identities were stolen and would now need to monitor their credit. Computer and internet fraud is defined by the federal law as “the use of a computer to create a dishonest misrepresentation of fact as an attempt to induce another to do or refrain from doing something which causes loss” (www.law.cornell.edu). …show more content…
A technician had placed the server online and neglected to change the factory password which was “password1,” the most common default password on the internet. Some of the victims whose identities were stolen were Medicaid recipients, but some were also privately insured, uninsured, and retirees whose information was sent to the Medicaid program in hopes of receiving their benefits. This case fits the profile of computer and internet fraud cases all over the world. Hackers gain access to databases that contain social security numbers and credit card or bank account numbers and then will most likely turn around and sell them to people who will ultimately use them for monetary gain. One way these hackers differ from other hackers is that they attacked already low-income individuals whereas most hackers will target wealthy individuals, large corporations, or small businesses. Wealthy people are targeted because they may not notice money missing right away or they will have other people controlling their accounts which makes it more difficult to notice missing information. In the Utah Department of Health data security breach, the hackers were able to steal information over a three day period before it was noticed and then the server was shut down. This is one of the many reasons that cyber-crime has become increasingly popular; because so much …show more content…
They are: perceived financial need, perceived opportunity, and rationalization. Together, these elements allow someone to commit, conceal, and convert fraud. In the data breach we’ve been discussing, the hackers had all three elements; they had a need or a reason to steal the private information, they had the opportunity to hack into the system when the technician neglected to change the default password, and they were able to rationalize it by saying that the state would have to protect all of the victims since it was their system that was compromised and it was their fault they didn’t change the password. Most of the time, if all three of these elements are not present, it is very difficult for someone to commit the fraud. For example, there may be the opportunity, but there is no reason to do it. Or, there is a reason to do it, but there is no