Montana health record hackers compromise 1.3 million people

Tue Jun 24, 2014 10:06pm EDT

Related Topics

(Reuters) - A data security breach of Montana's state health records has compromised the Social Security numbers and other personal information of some 1.3 million people, but the full extent of damage from the intrusion is unclear, state officials said on Tuesday.

Hackers of unknown origin gained access in May to a computer server tied to the Montana Department of Public Health and Human Services, exposing sensitive or confidential information of current and former medical patients, health agency employees and contractors.

Individuals whose personal information was exposed are being offered free credit monitoring, though investigators do not know whether the breach resulted in any actual identity theft, department Director Richard Opper said.

“We have absolutely no indication the criminals who illegally entered the server had any interest in the data they accessed in any way, shape or form, and we have no reports of people’s identities being stolen,” Opper told Reuters.

In addition to containing the Social Security numbers, birth dates and names of patients, such data as bank account numbers, medical diagnoses, treatments, dates of service and prescriptions may have been stored on the network, he said.

Montana is the latest target in a string of high-profile hacking incidents that have seen personal and financial information compromised amid cyber attacks on public agencies and commercial companies such as retail giant Target Corp.

Hackers in 2012 breached state health records in Utah, compromising the private information of some 780,000 patients in an attack that was believed to have originated in Eastern Europe.

Attempts to hack into Montana's computer system number roughly 17,000 an hour, but the breach at the state health department marks the first time cyber criminals successfully infiltrated a state agency on such a large scale, Opper said.

Security upgrades have been put into place since the hacking came to light on May 15, when a company that monitors the agency’s network reported suspicious activity. Health officials shut down the server, and a forensic investigation later confirmed the network had been subjected to an unauthorized entry, Opper said.

In addition to credit monitoring, those whose information may have been compromised are being offered free identity protection insurance, Opper said. Up to $2 million in costs for such services are covered by a state insurance policy tied to cyber and data security.

(Reporting by Laura Zuckerman from Salmon, Idaho; Editing by Steve Gorman and Eric Beech)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
N226TK wrote:
Anyone who manages a website knows that hacking attempts are constant, incessant and frequent. Imagine all your money on a table in the middle of a room with burglars and vandals swarming your house all the time. That’s what your private information is like online.

Some online transactions (like financial services) cannot function without a social security number for tax purposes. You can’t shop without a credit card (but you can use a low-balance card). And Medicare is the worst because your number IS your social security number…a good reason not to carry the card in your wallet!

Just assume that whatever data is online is accessible to thieves — and then try to make the case for electronic medical records. It’s just a bad, bad practice. Free “credit monitoring” is hardly comforting to anyone who’s been the victim of identity theft; I’d much rather see the service provider actually pay full damages for as long as the victim suffers loss… maybe then they’d take security seriously.

But in the meantime, just assume the convenience of online data comes at the price of security and for, for the most part, the locks on the doors aren’t very good.

Jun 25, 2014 6:09am EDT  --  Report as abuse
MonitorLizard wrote:
You can expect this to happen when Apple’s new medical app is put into use.

Jun 25, 2014 8:12am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

Pictures