More than 100,000 households that had applied for public assistance services from the Alaskan State Department of Health and Social Services (DHSS) had their data breached last spring, the applicants just learned.
The impact of a Zeus/Zbot Trojan virus attack discovered in late April was initially thought to affect only about 500 Alaskans, but further investigation discovered the breach to be far worse and likely the work of Russian attackers.
The infected computer showed that it had interacted with Russia-based IP addresses, compromising names, social security numbers, birth dates, addresses, health information, benefit information and income.
Last June DHSS went public about the suspected breach of HIPAA and APIPA information, and alerted those whose data was taken from the Divisionof Public Assistance (DPA). Those affected now are thought to be DPA applicants of such programs as Medicaid, SNAP, senior benefits, and disabilities related to Medicaid and adult public assistance, including PII of multiple members in each household.
The households impacted by the hack received letters from DHSS, which told the recipients steps had been taken to prevent such an attack,“but unfortunately there are some viruses we just aren’t able to be prepared for,” Shawnda O'Brien, director of the Division of Public Assistance, was quoted in a published report.
The DHSS letter reads: “We are working very hard in conjunction with the State of Alaska, Office of Information Technology and the FBI to further fortify and secure the statewide area network to protect against hackers penetrating our systems."