Nation-state spy group violates Alaska Department of Health


A bear lumps along a shore with pine trees in the background.
Enlarge / If you are an Alaska Native Ursus arctos The population could enlist for cyber defense patrols, attackers might need legs to reflect before committing a criminal offense.

Last week, the Alaska Department of Health and Human Services (DHSS) disclosed a security breach apparently made by a sophisticated attacker at the nation-state level.

According to DHSS, which hired renowned security firm Mandiant to investigate the breach, the attackers established themselves within the DHSS network through one of its public websites, from which it pivoted to deeper resources.

A saga of months

This is not the first report of the violation from DHSS. The organization first publicly announced the intrusion into May 18, with a June update announcing a multi-pronged investigation, and one more in August by completing the first of the three steps of the investigation.

In the August update, DHSS revealed that Mandiant—A subset of the larger computer security firm FireEye — completed their initial investigation and concluded that the intrusion was a direct and sophisticated attack rather than a simple drive-by ransomware infestation. “The type of group behind this disruptive attack is a very serious operation with advanced capabilities,” said DHSS Commissioner Adam Crum.

According to DHSS technology officer Scott McCutcheon, the attackers were both advanced and persistent: “This was not a ‘one-time’ situation, but rather a sophisticated attack intended to go undetected for an extended period. The attackers took steps to maintain that long-term access even after they were detected. “

Most of the technical details provided by Alaska DHSS were included in the August update last week. notification instead, he was referring to the impact of the attack on the citizens of Alaska.

Leaked data and response from Alaska

A security monitoring company conducting proactive surveillance first noticed signs of an intrusion on May 2. Alaska’s Information Technology Office (Office of Security) notified DHSS of unauthorized access to a computer on May 5, after which DHSS reports that it immediately shut down systems to deny attackers further access to protected data.

During that (at least) three-day period, the attackers potentially had access to personal data, some of which constitutes a violation of both HIPAA and the Alaska Personal Information Protection Act (APIPA). The number of people involved in the attack is still unknown, as is exactly what data may have been exfiltrated, but the attackers potentially had access to “any data stored in the department’s information technology infrastructure,” including but not limited to , the following:

  • Complete names
  • Dates of birth
  • Social security numbers
  • Addresses
  • Telephone numbers
  • Driver’s license numbers
  • Internal identification numbers (case reports, protected services reports, Medicaid, etc.)
  • Health information
  • Financial information
  • Historical information about a person’s interaction with DHSS

In response, the state of Alaska is offering free credit monitoring to “any concerned Alaska.” All Alaskan citizens who have requested a dividend from the permanent fund will receive an email notification describing the default and providing a code for the free credit monitoring service. Concerned Alaskans who do not receive a code by email should contact a toll-free hotline available at the DHSS website starting Tuesday, September 21.


arstechnica.com

Leave a Reply

Your email address will not be published. Required fields are marked *