The executive director of Utah's Department of Technology Services has resigned over a data breach that exposed the Social Security numbers and other personal data of about 280,000 Medicaid recipients.
Utah Gov. Gary Herbert announced the resignation of Stephen Fletcher on May 15.
In a statement, Herbert described various initiatives that are designed to mitigate the risk of similar breaches in the future. The plan includes an independent audit of all IT security systems, the appointment of a health-data security ombudsman -- Sheila Walsh-McDonald -- and a continuing investigation by law enforcement into the recent breach.
"The people of Utah rightly believe that their government will protect them, their families and their personal data," Herbert said. "We failed to honor that commitment."
Hackers, believed to be operating out of Eastern Europe, broke into a state Medicaid server by exploiting a default password on the user authentication layer of the system.
The roles of two other state IT employees in the breach are also under investigation, according to the Salt Lake Tribune. And a contractor has been fired for providing unencrypted software, the newspaper said.
This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.
Read more about security in Computerworld's Security Topic Center.