Security Experts:

Cyberattack on Alaska Health Department Linked to State-Sponsored Hackers

The Alaska health department has shared more information about the cyberattack detected earlier this year, and the organization says the attack was conducted by state-sponsored hackers.

The first signs of a possible cyber breach were detected on May 2 by a “security monitoring firm” that reported its findings to the State Security Office, which in turn notified the Alaska Department of Health and Social Services (DHSS) on May 5.

FireEye’s Mandiant was brought in to help investigate the incident. The investigation revealed on May 17 that a server related to the DHSS website had been breached. The incident was immediately disclosed to the public and updates were provided in June and August. However, not much information could be made public due to the ongoing investigation.

There had been some speculation initially that it may have been a ransomware attack, but the information shared by the Alaska health department last week revealed that “there is no indication of this being a ransomware attack” and that instead it was an attack conducted by a state-sponsored threat actor.

FireEye has apparently linked the attack to a “highly sophisticated group known to conduct complex cyberattacks against organizations that include state governments and health care entities.” However, the threat group has not been named and the health department will not speculate on their intentions.

“At this time, due to a law enforcement investigation, details on the nature and scope of this attack will not be released. Providing any further specific details could give our attackers information that would help them, and others, be more successful in future cyberattacks,” the DHSS said.

It did say, however, that the attackers “exploited a vulnerable website and spread from there.” There is no evidence that the hackers still have access to the organization’s systems, but steps are being taken to improve security as there is “real concern” that they might attempt to once again gain access.

The investigation has revealed that the attacker may have obtained information such as name, date of birth, social security number, address, phone number, driver’s license number, internal ID, health and financial information, and information on users’ interactions with the DHSS.

Since it hasn’t been able to determine exactly who and what type of information is impacted, the DHSS is notifying all Alaskans and is offering free credit monitoring services to individuals who believe they may have been hit.

A Health Insurance Portability and Accountability Act (HIPAA) and Alaska Personal Information Protection Act (APIPA) breach notification was also issued last week.

As for how much it will cost to address the incident, the Alaska health department said it’s paying FireEye and Mandiant nearly $460,000, but it’s still unclear how many staff hours will be spent until everything is restored.

Many systems have been shut down following the incident and while some of them have already been restored, others, such as the health department’s website, are still offline.

Other systems in Alaska, including the state’s court system, were also recently targeted in cyberattacks, but the DHSS could not say whether the attacks are related.

Related: Cyber Attack Forces Airline to Cancel Flights in Alaska

Related: Alaska Courts Restore Email, Lack Answers on Cyber Attack

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.