Alaska DHSS suffers data breach
The Alaska Department of Health and Social Services had a security breach which may have disclosed personal information of individuals who have interacted with Division of Public Assistance (DPA) in the Northern region. Due to the potential for stolen personal information, DHSS urges Alaskans who have been involved with the DPA Northern region offices to take actions to protect themselves from identity theft.
On April 26th, a DPA computer in the Northern region was infected with a the Zeus/Zbot Trojan virus, resulting in a potential Health Insurance Portability and Accountability Act (HIPAA) and a Alaska Personal Information Protection Act (APIPA) breach of more than 500 individuals. The DHSS security team conducted an investigation which revealed the infected computer accessed sites in Russia, had unauthorized software installed, and other suspicious computer behavior that provided strong indications of a computer infection. The computer had documents including information on pregnancy status, death status, incarceration status, Medicaid/Medicare billing codes, criminal justice, health billing, social security numbers, driver’s license numbers, first and last names, birth dates, phone numbers, and other confidential data. Hackers may have used the infected computer to steal data. Preliminary investigations indicate that information potentially accessed from this breach originated in the Northern region.
Upon discovery of these events, the department took immediate action to mitigate further access to the infected computer. The DHSS Information Technology and Security team continues to work quickly to determine the scope of data potentially accessed, and will provide up-to-date information to Alaskans who may have been impacted by this event.
Individuals who have had prior contact with the Division of Public Assistance Northern region should call 888-484-9355 to see if their personal information may have been included in this breach. Updates will also be provided at www.dhss.alaska.gov.
For more information about how to protect avoid identity theft, visit the Federal Trade Commission’s website IdentityTheft.gov.
This press release was provided by DHSS.