Breach at Alaska health agency puts protected information at risk
The Alaska Department of Health and Social Services is notifying more than 500 individuals of two breaches of their protected health information on July 5 and 8 after it was hit with malware attacks.
Two of the agency’s computers were infected with a Trojan horse virus, which is malware disguised as legitimate software. The malware apparently was launched after an employee opened an email that was also believed to be legitimate.
The department notes it is not yet clear if protected information has been accessed, but the possibility exists. “The DHSS Information Technology and Security team continues to work quickly to determine the scope of data potentially accessed and will provide up-to-date information to Alaskans who many have been impacted by this event,” according to a letter to beneficiaries.
Until the extent of the access can be determined, the agency suggests that residents take steps to protect their information. “Due to the potential for stolen personal information, DHSS urges Alaskans who have been involved with the Office of Children’s Services to take actions to protect themselves from identity theft,” the notification letter states.
Individuals who have had prior contact with the Office of Children’s Services are urged to call the office to determine if their information was jeopardized in the breach.
The department did not respond to a request for additional information, including the range of protected information that may have been accessed and whether protective services will be offered. The HHS Office for Civil Rights, which enforces the HIPAA privacy, security and breach notification rules, generally wants to see protective services offered if warranted by the severity of a breach.