Nation-state spy group breaches Alaska Department of Health




A bear walks along a shore with pine trees in the background.
If Alaska's native Ursus arctos population could be recruited for cyber defense patrols, attackers might need to paws to think before committing a criminal offense.

Last week, the Alaska Department of Health and Human Services (DHSS) revealed a security breach apparently committed by a sophisticated attacker at the nation-state level.

According to DHSS, which contracted with well-known security firm Mandiant to investigate the breach, the attackers gained a foothold inside DHSS’s network through one of its public websites, from which they pivoted to deeper resources.

A saga of several months

This is not the first report of the DHSS breach. The organization first announced the intrusion publicly on May 18, with an update in June announcing a multi-pronged investigation, and another in August following the completion of the first of three stages of the investigation.

In the August update, DHSS revealed that Mandiant, part of the larger infosec firm FireEye, had completed its initial investigation and concluded that the intrusion was a direct and sophisticated attack rather than a simple ransomware infestation. “The type of group behind this disruptive attack is a very serious operation with advanced capabilities,” said DHSS Commissioner Adam Crum.

According to Scott McCutcheon, DHSS chief technology officer, the attackers were both advanced and persistent: “This was not an ‘all-in-one’ situation, but rather a sophisticated attack intended to be conducted undetected over an extended period of time. Attackers took steps to maintain this long-term access even after detection.”

The majority of the technical details provided by the Alaska DHSS came in the August update; last week’s notification instead addressed the impact of the attack on the citizens of Alaska.

Alaska data breach and response

A security monitoring company conducting proactive surveillance first noticed signs of an intrusion on May 2. The Alaska Information Technology Bureau (Security Office) notified DHSS of unauthorized access to a computer on May 5, after which DHSS reported that it immediately shut down systems to deny the attackers additional access to protected data.

During that (at least) three-day window, attackers potentially gained access to personal data, a breach under both HIPAA and Alaska’s Personal Information Protection Act (APIPA). The number of individuals affected by the attack is still unknown, as is the exact data that may have been exfiltrated, but the attackers potentially gained access to “all data stored on the ministry’s IT infrastructure,” including, but not limited to:

  • Full names
  • Dates of birth
  • Social security numbers
  • Addresses
  • Phone numbers
  • Driver’s license numbers
  • Internal identification numbers (case reports, protected duty reports, Medicaid, etc.)
  • Health information
  • Financial information
  • Historical information regarding a person’s interaction with DHSS

In response, the state of Alaska is offering free credit monitoring to “any affected Alaskan.” All Alaskans who have applied for a Permanent Fund Dividend will receive an email notification describing the breach and offering a code for the free credit monitoring service. Affected Alaskans who do not receive a code by email will need to contact a toll-free hotline, which will be available on the DHSS website from Tuesday, September 21.
