Personal data of 1.3 million people have been compromised in Montana as state health department records have been hacked.
The data breach occurred in July 2013, but was discovered in mid-May this year by a computer security contractor who noticed "suspicious activity" on one of the computers in Helena. The state health department acknowledged the data hacking on May 29 this year.
The State of Montana is sending notification letters to the victims of the attack, cautioning them that hackers may have access to their personal details because of the data breach on the state health department's server. Sensitive information that was on the server and has potentially made its way into the hands of hackers includes addresses, names, social security numbers, date of birth, birth/death certificates, prescriptions, insurance and medical records of the residents of Montana.
The State of Montana is issuing letters to both current and former residents, as well as families of deceased residents whose information may have been compromised. Moreover, nearly 3,100 employees of the state health department have also been notified as the compromised server contained their bank details.
However, currently, there is no proof that the information has been stolen or misused.
"There is no information, no indication, that the hackers really accessed any of this information or used it inappropriately," said Richard Opper, director of the state Department of Public Health and Human Services. "We are erring on the side of displaying an overabundance of caution."
However, the State of Montana is providing credit monitoring and identity-fraud insurance free of charge to the 1.3 million people affected. The government has also set-up a toll free helpline where those affected by the data breach can call (800) 809-2956 to resolve their queries.
Per Opper, the helpline has received close to 170 calls since the announcement of the hacking; however, no callers have reported identity theft or unlawful access to their bank accounts because of the incident.
Since the hacking, the security of the state health department computer system has been updated. The incurred costs associated with the incident will likely be covered by the cyber-security insurance the state purchased in 2013.