Health Department fears new cyberattacks
“There is a real concern that this group will try again, so we are monitoring our systems for new threats,” Clinton W Bennett, press officer and spokesperson for the Alaska Department of Health and Social Services (DHSS), has acknowledged to Sol de Medianoche.
Since last May, DHSS has been experiencing intrusions and incidents in its systems, which have compromised sensitive citizen information: full names, birth dates, Social Security numbers, addresses, phone numbers, driver’s license numbers, internal identification numbers (case reports, protected services reports, Medicaid, etc...), health and financial information, or historical information on individuals’ interaction with the Department.
“DHSS does not know what information may have been compromised, or from whom, so it is notifying all Alaskans. There is a wide variety of services compromised, such as Medicaid coverage; birth, marriage, divorce and death certificates; immunization records; diseases or conditions that are required to be reported to the State; reports of harm to children or adults; or records of individuals involved in the juvenile justice system or Pioneer Homes...”
“A highly sophisticated group”
Clinton W Bennett has responded to questions directed by Sol de Medianoche to the Department’s Commissioner, Adam Crum, and denies that there have been “several cyber-attacks.” But he acknowledges one, the first signs of which were detected on May 2. DHSS hired leading cybersecurity firm FireEye and found that a server was compromised, so its website went offline.
The DHSS informed the public of this attack. and the disruption to its services from May 17 through Sept. 16. The Health Insurance Portability and Accountability Act (HIPAA) and the Alaska Personal Information Protection Act (APIPA) had been breached, and health and personal information were compromised.
FireEye has identified the attackers as “a highly sophisticated group known for conducting complex cyberattacks against organizations including state governments and healthcare entities.” DHSS is not providing the identity of this group, “nor will it speculate on their intentions.”
Free credit monitoring has been made available to Alaskans. “More information about the breach, including frequently asked questions, is given at dhss.alaska.gov,” Clinton W Bennett tells this newspaper.
As of Sept. 21, a toll-free hotline (5 a.m. to 5 p.m.) was opened to answer questions and help people sign up for the free credit check service. The phone number and website for credit monitoring are listed at dhss.alaska.gov.
Between Sept. 27 and Oct. 1, email notices have been sent to Alaskans who have applied for a Permanent Fund Dividend and provided an email address, which will include a code they can use to sign up for the service.
Individuals who did not receive a code will need to contact the toll-free hotline for assistance. Questions can also be directed to DHSS at 1-888-484-9355 or PrivacyOfficial@alaska.gov, but the enrollment process for credit monitoring will have to go through the toll-free hotline available from Sept. 21.
“If a person has questions, they should go to the IDX call center at 1-888-484-9355 and an agent can enroll them over the phone, eliminating the need for them to use a computer,” Bennett assures.