Montana consumers beware. Government officials have confirmed that the personal information of 1.3 million people has been hacked. State of Montana officials are now notifying potential victims that hackers broke into a Department of Public Health and Human Services (DPHHS) computer server.
So far, officials cannot confirm or deny that hackers gained access or used any of the information on the server. However, state and federal laws demand the state notify individuals whose personal information may have been compromised in the attack . The list of names includes current and former Montana residents, including some who are deceased.
“Out of an abundance of caution, we are notifying those whose personal information could have been on the server,” said DPHHS Director Richard Opper. “Again, we have no reports, nor do we have any evidence that anyone's information was used in any way, or even accessed.”
Very Personal Information
According to state officials, information on the server included demographic information, such as names, addresses, dates of birth, and Social Security numbers. The server may also have included information regarding DPHHS services clients applied for and/or received, such as health assessments, diagnoses, treatments, health conditions, prescriptions, and insurance.
"I encourage Montanans who are notified to sign up for the free credit monitoring and insurance that is being provided," Opper said. Montana is offering free credit monitoring and insurance to eligible individuals who receive letters from the state. The letters offer instructions for signing up for credit monitoring, including personal activation codes. Due to privacy laws, state officials cannot enroll individuals automatically.
According to State of Montana Chief Information Officer Ron Baldwin, the state upgraded its property insurance policy in 2013 to cover cybersecurity and data security breaches. The policy provides coverage of up to $2 million to cover costs associated with the toll-free Help Line, mailing notification letters, free credit monitoring and other services. State officials say insurance should cover most of the costs associated with the hack.
Money Still the Motive
We caught up with Tom Cross, director of security research at network security solutions firm Lancope, to get his take on the incident. Typically, he told us, medical records are stolen with the intent of committing identity theft.
“The criminals will apply for credit in the victim's name, spend the money, and never repay it,” he said. “Ultimately, the victim's credit may be damaged or they may be contacted by bill collectors. Fortunately, victims of identity theft can work with credit reporting agencies to remove fraudulent transactions from their credit reports.”
Montana state officials have taken “several steps” to further strengthen security. Some of the initiatives include safely restoring all affected systems, adding additional security software to offer more protection for sensitive information on its servers, and constantly reviewing security practices to make sure everything that can be done is being done.