[TheRecord] Alaska discloses ‘sophisticated’ nation-state cyberattack on health service

A nation-state cyber-espionage group has gained access to the IT network of the Alaska Department of Health and Social Service (DHSS), the agency said last week.

The attack, which is still being investigated, was discovered on May 2, earlier this year, by a security firm, which notified the agency.

While the DHSS made the incident public on May 18 and published two updates in June and August, the agency did not reveal any details about the intrusion until last week, when it officially dispelled the rumor that this was a ransomware attack.

Instead, the agency described the intruders as a “nation-state sponsored attacker” and “a highly sophisticated group known to conduct complex cyberattacks against organizations that include state governments and health care entities.”

Attackers entered DHSS network via a vulnerable website

Citing an investigation conducted together with security firm Mandiant, DHSS officials said the attackers gained access to the department’s internal network through a vulnerability in one of its websites and “spread from there.”

Officials said they believe they have expelled the attacker from their network; however, an investigation into what the attackers might have accessed is still under way.

In a press release last week [PDF], the agency said it plans to notify all individuals who provided their personal information to the state agency.

“The breach involves an unknown number of individuals but potentially involves any data stored on the department’s information technology infrastructure at the time of the cyberattack,” officials said.

Data stored on the DHSS network, and which could have been collected by the nation-state group, includes the likes of:

- Full names
- Dates of birth
- Social Security numbers
- Addresses
- Telephone numbers
- Driver’s license numbers
- Internal identifying numbers (case reports, protected service reports, Medicaid, etc.)
- Health information
- Financial information
- Historical information concerning individuals’ interaction with DHSS

Notification emails will be sent to all affected individuals between September 27 and October 1, 2021, the DHSS said.

The agency has also published a FAQ page [PDF] with additional details about the nation-state attack.

“Regrettably, cyberattacks by nation-state-sponsored actors and transnational cybercriminals are becoming more common and are an inherent risk of conducting any type of business online,” said DHSS Technology Officer Scott McCutcheon.

All systems breached by the intruders remain offline. This includes systems used to perform background checks and systems used to request birth, death, and marriage certificates, all of which are now processed and reviewed manually, in person or via the phone.

The post Alaska discloses ‘sophisticated’ nation-state cyberattack on health service appeared first on The Record by Recorded Future.
