Montana health record hackers compromise
1.3 million people
Send a link to a friend
[June 25, 2014]
By Laura Zuckerman
(Reuters) - A data security breach of
Montana's state health records has compromised the Social Security
numbers and other personal information of some 1.3 million people, but
the full extent of damage from the intrusion is unclear, state officials
said on Tuesday.
Hackers of unknown origin gained access in May to a computer
server tied to the Montana Department of Public Health and Human
Services, exposing sensitive or confidential information of current
and former medical patients, health agency employees and
Individuals whose personal information was exposed are being offered
free credit monitoring, though investigators do not know whether the
breach resulted in any actual identity theft, department Director
Richard Opper said.
“We have absolutely no indication the criminals who illegally
entered the server had any interest in the data they accessed in any
way, shape or form, and we have no reports of people’s identities
being stolen,” Opper told Reuters.
In addition to containing the Social Security numbers, birth dates
and names of patients, such data as bank account numbers, medical
diagnoses, treatments, dates of service and prescriptions may have
been stored on the network, he said.
Montana is the latest target in a string of high-profile hacking
incidents that have seen personal and financial information
compromised amid cyber attacks on public agencies and commercial
companies such as retail giant Target Corp.
Hackers in 2012 breached state health records in Utah, compromising
the private information of some 780,000 patients in an attack that
was believed to have originated in Eastern Europe.
Attempts to hack into Montana's computer system number roughly
17,000 an hour, but the breach at the state health department marks
the first time cyber criminals successfully infiltrated a state
agency on such a large scale, Opper said.
[to top of second column]
Security upgrades have been put into place since the hacking came to
light on May 15, when a company that monitors the agency’s network
reported suspicious activity. Health officials shut down the server,
and a forensic investigation later confirmed the network had been
subjected to an unauthorized entry, Opper said.
In addition to credit monitoring, those whose information may have
been compromised are being offered free identity protection
insurance, Opper said. Up to $2 million in costs for such services
are covered by a state insurance policy tied to cyber and data
(Reporting by Laura Zuckerman from Salmon, Idaho; Editing by Steve
Gorman and Eric Beech)
[© 2014 Thomson Reuters. All rights
Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.