June 25, 2014
Montana State Health Records Compromised In Massive Data Breach
Peter Suciu for redOrbit.com - Your Universe Online
In William Shakespeare's patriotic play Henry V, the king rallies his men with the now famous line, "Once more unto the breach, dear friends, once more." In the era of almost daily reports of hacking its all too common to hear "once more about a breach," a security breach.This week it was some 1.3 million people that had their Social Security numbers and other personal information compromised following a data security breach of Montana's state health records. As of Wednesday morning the full extent of the damage from the intrusion is unclear according to state officials.
The breach occurred in May to a server tied to the Montana Department of Public Health and Human Services (DPHHS), and this exposed sensitive and/or confidential information that included current and former medical patients, health agency employees and even contractors. The state has begun notifying individuals whose personal information was on the server, consistent with state and federal laws, and officials announced that the state would notify individuals of free credit monitoring and identity protection insurance.
"Out of an abundance of caution, we are notifying those whose personal information could have been on the server," said DPHHS Director Richard Opper in a statement. "Again, we have no reports, nor do we have any evidence that anyone's information was used in any way, or even accessed."
Suspicious activity was first detected in mid-May, and an independent forensic investigation conducted on May 22 confirmed that at DPHHS computer server was hacked. Following the suspicious activity agency officials immediately shut down the server and contacted law enforcement. Since that the time the DPHHS staff has begun reviewing all files on the services.
The compromised data reportedly may have contained Social Security numbers, birth dates and names of patients, as well as bank account numbers, medical diagnoses, treatments, dates of service and even prescription information.
Computer World's Jeremy Kirk reported that Montana had upgraded its property insurance policy last year, and that included coverage for data security incidents. The $2-million policy could help cover the costs of setting up the toll-free help line and providing the free credit monitoring.
It was also announced that the State of Montana had taken several steps to further strengthen security. This included safely restoring all systems affected, adding additional security software to better protect sensitive information on existing servers; and continually reviewing its security practices to ensure all appropriate measures are being taken to protect citizen information.
Montana's DPHHS is the latest target in what has been an ongoing string of high-profile hacking incidents against public agencies and even commercial companies. Reuters reported that in 2012 hackers breached state health records in Utah, compromising the private information of some 780,000 patients in an attack that was believed to have originated in Eastern Europe.
It isn't clear who might be responsible for the hacking, or if the breach had resulted in any actual identify theft.
"We have absolutely no indication the criminals who illegally entered the server had any interest in the data they accessed in any way, shape or form, and we have no reports of people’s identities being stolen," Opper told Reuters.
Minneapolis-based Medtronic, the largest stand-alone medical device manufacturer in the world, also revealed this week that hackers had infiltrated its computers and that the firm had lost some patient records in separate incidents last year.