Montana State Says 1.3 Million Records Exposed in Data Breach
Up to 1.3 million records, including health care and bank account information, may have been exposed after a server at Montana?s public health department was hacked in May, the state said Tuesday.
State of Montana is notifying individuals whose personal information was on the hacked serve. The notification list includes both current and former Montana residents, and in some instances, the estates of deceased individuals. The state is also notifying individuals of free credit monitoring and identity protection insurance.
"Out of an abundance of caution, we are notifying those whose personal information could have been on the server," said DPHHS Director Richard Opper. "Again, we have no reports, nor do we have any evidence that anyone's information was used in any way, or even accessed."
On May 22nd, an independent forensic investigation determined a DPHHS computer server had been hacked. The forensic investigation was ordered on May 15th when suspicious activity was first detected by DPHHS officials. When the suspicious activity was discovered, agency officials immediately shut down the server and contacted law enforcement.
In recent weeks, DPHHS staff has been reviewing all files on the server to determine those individuals to be notified.
DPHHS clients are being notified because information on the server included demographic information, such as names, addresses, dates of birth, and Social Security numbers. The server may also have included information regarding DPHHS services clients applied for and/or received. Client information may include information related to health assessments, diagnoses, treatment, health condition, prescriptions, and insurance.
Also, the state is offering free credit monitoring and insurance to eligible individuals who receive a letter. The letters include detailed instructions about how to sign up for this recommended service, including their own personal activation code.
According to State of Montana Chief Information Officer Ron Baldwin, the state upgraded its property insurance policy in 2013 to include cyber/data security coverage for incidents such as this one. The policy provides coverage of up to $2 million to cover costs associated with the toll-free Help Line, mailing notification letters, free credit monitoring and other services. State officials expect the majority of costs associated with this incident to be covered by insurance.
"Out of an abundance of caution, we are notifying those whose personal information could have been on the server," said DPHHS Director Richard Opper. "Again, we have no reports, nor do we have any evidence that anyone's information was used in any way, or even accessed."
On May 22nd, an independent forensic investigation determined a DPHHS computer server had been hacked. The forensic investigation was ordered on May 15th when suspicious activity was first detected by DPHHS officials. When the suspicious activity was discovered, agency officials immediately shut down the server and contacted law enforcement.
In recent weeks, DPHHS staff has been reviewing all files on the server to determine those individuals to be notified.
DPHHS clients are being notified because information on the server included demographic information, such as names, addresses, dates of birth, and Social Security numbers. The server may also have included information regarding DPHHS services clients applied for and/or received. Client information may include information related to health assessments, diagnoses, treatment, health condition, prescriptions, and insurance.
Also, the state is offering free credit monitoring and insurance to eligible individuals who receive a letter. The letters include detailed instructions about how to sign up for this recommended service, including their own personal activation code.
According to State of Montana Chief Information Officer Ron Baldwin, the state upgraded its property insurance policy in 2013 to include cyber/data security coverage for incidents such as this one. The policy provides coverage of up to $2 million to cover costs associated with the toll-free Help Line, mailing notification letters, free credit monitoring and other services. State officials expect the majority of costs associated with this incident to be covered by insurance.