In a Salt Lake Tribune article, reporter Patty Henetz quoted Utah Department of Health spokesman Tom Hudachko, who said that in this particular incident, a configuration error occurred at the level where passwords are entered, allowing the hacker to invade the security system. Technology Services has processes in place to ensure the state’s data is secured, but this particular server was not configured according to normal procedure.
Michael Hales, the Health Department’s Medicaid Director, said, “It just looks like processes broke down,” according to the Tribune.
This sounds like a weaselly way of admitting that the default passwords were not changed. Default passwords are the easiest way into any system!