Montana data breach exposes 1.3 million personal records
The exposed data included health assessments, prescriptions and diagnoses for some residents
IDG News Service - Up to 1.3 million records, including health care and bank account information, may have been exposed after a server at Montana's public health department was hacked in May, the state said Tuesday.
The server, which belonged to the Department of Public Health and Human Services, was shut down on May 22, a week after suspicious activity was noticed and an independent forensic investigation began, according to a news release.
The state said it has no knowledge if data on the server was inappropriately used or accessed. The data was backed up.
The server held information such as names, addresses, birth dates and Social Security numbers for services citizens had applied for or received. For some people, the information may have included data on health assessments, diagnoses, treatment, health condition, prescriptions and insurance, the state said.
Birth and death records, part of the state's Vital Statistics database, were also on the server.
Contractors as well as current and former employees of the department may have been affected. The server contained their names, addresses, birth dates, Social Security numbers along with bank account information and dates of service, the state said.
Those affected are being contacted by the department and will be offered free credit monitoring, according to a statement.
Montana had upgraded its property insurance policy last year to include coverage for data security incidents. The $2 million policy will cover costs such as setting up a toll-free help line, free credit monitoring and mailing notification letters, the state said.
The policy should cover the "majority" of costs for this incident, it said.
The state said it has since restored the affected systems and added additional security software "to better protect sensitive information on existing servers."
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts