SecurityWeek

Cyberattack on Alaska Health Department Linked to State-Sponsored Hackers

The Alaska health department has shared more information about the cyberattack detected earlier this year, and the organization says the attack was conducted by state-sponsored hackers.

The first signs of a possible cyber breach were detected on May 2 by a “security monitoring firm” that reported its findings to the State Security Office, which in turn notified the Alaska Department of Health and Social Services (DHSS) on May 5.

FireEye’s Mandiant was brought in to help investigate the incident. The investigation revealed on May 17 that a server related to the DHSS website had been breached. The incident was immediately disclosed to the public and updates were provided in June and August. However, not much information could be made public due to the ongoing investigation.

There had been some speculation initially that it may have been a ransomware attack, but the information shared by the Alaska health department last week revealed that “there is no indication of this being a ransomware attack” and that instead it was an attack conducted by a state-sponsored threat actor.

FireEye has apparently linked the attack to a “highly sophisticated group known to conduct complex cyberattacks against organizations that include state governments and health care entities.” However, the threat group has not been named and the health department will not speculate on their intentions.

“At this time, due to a law enforcement investigation, details on the nature and scope of this attack will not be released. Providing any further specific details could give our attackers information that would help them, and others, be more successful in future cyberattacks,” the DHSS said.

It did say, however, that the attackers “exploited a vulnerable website and spread from there.” There is no evidence that the hackers still have access to the organization’s systems, but steps are being taken to improve security as there is “real concern” that they might attempt to once again gain access.

The investigation has revealed that the attacker may have obtained information such as name, date of birth, social security number, address, phone number, driver’s license number, internal ID, health and financial information, and information on users’ interactions with the DHSS.

Since it hasn’t been able to determine exactly who and what type of information is impacted, the DHSS is notifying all Alaskans and is offering free credit monitoring services to individuals who believe they may have been hit.

A Health Insurance Portability and Accountability Act (HIPAA) and Alaska Personal Information Protection Act (APIPA) breach notification was also issued last week.

As for how much it will cost to address the incident, the Alaska health department said it’s paying FireEye and Mandiant nearly $460,000, but it’s still unclear how many staff hours will be spent until everything is restored.

Many systems have been shut down following the incident and while some of them have already been restored, others, such as the health department’s website, are still offline.

Other systems in Alaska, including the state’s court system, were also recently targeted in cyberattacks, but the DHSS could not say whether the attacks are related.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
