Some systems at the Alaska Department of Health and Social Services (DHSS) are still offline after being hit by a nation-state backed cyberattack in May.
As a result of the incident, an unknown number of people have potentially had their personal information stolen. This information could include full names, dates of birth, social security numbers, telephone numbers, health information, financial information and other data, which cyber attackers could exploit.
Because of the sensitive nature of the information and the potential for it to be abused, DHSS has urged all Alaskans who provided data to – or had their data stored by – DHSS to take action to protect themselves from identity theft. A free credit-monitoring service is being made available to public members concerned that they may be caught up in the breach.
SEE: A winning strategy for cybersecurity (ZDNet special report).
The potential breach of personal information has only just been revealed, despite the incident being first detected in May and previous updates about the attack in June and August – according to a DHSS statement, this was delayed until now to avoid interference with a criminal investigation.
And four months from the initial attack, some DHSS online services still haven’t been restored, and there’s no timeline for when they’ll be back.
“All affected systems remain offline as we diligently and meticulously move through the three phases of our response. Work is continuing to restore online services in a manner that will better shield DHSS and Alaskans from future cyberattacks,” said Scott McCutcheon, technology officer at DHSS.
The attack started with the use of an unspecified exploit against a vulnerable website and spread from there. The state isn’t providing additional information at this time because “providing any further specific details could give our attackers information that would help them, and others, be more successful in future cyberattacks.”
Cybersecurity company FireEye was brought into investigating the attack and have identified those behind it as “a highly sophisticated group known to conduct complex cyberattacks against organizations that include state governments and health care entities” – but no additional information is currently being revealed. However, DHSS does state this wasn’t a ransomware attack.
SEE: Ransomware: This new free tool lets you test if your cybersecurity is strong enough to stop an attack.
While the exact motives behind the attack aren’t currently clear, healthcare is a frequent target for cyberattacks by both nation-state groups and cyber-criminal gangs. The amount of sensitive personal information involved in healthcare provides attackers with a lot of information about individuals, potentially useful for foreign intelligence services.
As a result of the attack, DHSS says it is taking action to boost the cybersecurity of networks to prevent additional incidents in future.
“As systems are being brought back online, steps are being taken to build them back to be as resilient as possible to be protected from future cyberattacks. Additional steps are being planned for post-incident hardening of our IT infrastructure,” the department said in a statement.