Health care records were hacked for “up to 1.3 million,” according to a new report emanating from the Department of Public Health and Human Services in Montana.
The state’s public health department noted that health care information and bank account info may have been exposed after a server was tapped by hackers in May.
The server was reportedly shut down on May 22, notes PC World, adding that it came a week after suspicious activity was noticed and an independent forensic investigation began.
While the data was backed up, the state admits that it has “no knowledge” on whether the data was used inappropriately.
According to the state’s initial news release, the server held information such as names, addresses, birth dates and Social Security numbers for services citizens had applied for or received.
For some people, the info may have featured data on health assessments, diagnoses, treatment, health condition, prescriptions and insurance.
“Birth and death records, part of the state’s Vital Statistics database, were also on the server,” PC World adds.
The health care info that was hacked (and bank account info) may have affected contractors as well as both former and current employees. Their names, addresses, birth dates, Social Security numbers and dates of service, were also included in the mix.
The official statement said that those affected would be contacted and offered free credit monitoring.
“Montana had upgraded its property insurance policy last year to include coverage for data security incidents. The US$2 million policy will cover costs such as setting up a toll-free help line, free credit monitoring and mailing notification letters,” PC World notes.
The policy is expected to cover “the majority of costs” in this situation.
While this particular breach may be under control, the target at the center of the issue — the government — is likely to reignite debates over just how insecure health data could be on the Obamacare exchanges.
In January of this year, The Daily Caller reported that the federally run exchanges were so easy to crack that a hacker managed to do it in just four minutes.
David Kennedy, the hacking expert that shook the country this week with his congressional testimony about the security failures of HealthCare.gov, explained Sunday how he was able to penetrate the site.
“There’s a technique called, what we call ‘passive reconnaissance,’” Kennedy explained to “Fox News Sunday” host Chris Wallace, “which allows us to query and look at how the website operates and performs.”
“And these type of attacks that I’m mentioning here, and the 70,000 [personal records Kennedy found] that you’re referencing, is very easy to do,” Kennedy continued. “It’s a rudimentary type attack that doesn’t actually attack the website itself. It extracts information from it without actually having to go into the system.”
Do you think the health care info hacked in the Montana data breach is a sign of bigger things to come, or is this simply to be expected for the times we live in?
[Image via ShutterStock]