On May 22nd, an independent forensic investigation determined a DPHHS computer server had been hacked. The forensic investigation was ordered on May 15th when suspicious activity was first detected by DPHHS officials. When the suspicious activity was discovered, agency officials immediately shut down the server and contacted law enforcement.
In recent weeks, DPHHS staff has been thoroughly reviewing all files on the server to determine which individuals are to be notified.
DPHHS clients are being notified because information on the server included demographic information, such as names, addresses, dates of birth, and Social Security numbers. The server may also have included information regarding DPHHS services clients applied for and/or received. Client information may include information related to health assessments, diagnoses, treatment, health condition, prescriptions, and insurance.
This incident should not impact DPHHS services: none of the information contained on the server was lost, and even if it had been, the department has an up-to-date backup of the information.
DPHHS contractors and current and former employees are being notified because the information on the server may have included their names, addresses, dates of birth, Social Security numbers, bank account information and dates of service.
The number of individuals being notified reflects the number and breadth of programs DPHHS administers, plus the length of time the agency is required by state and federal law to maintain its records. For example, Vital Statistics, which maintains the birth and death records for the state, is part of DPHHS. Those records were on the server.
The state is offering free credit monitoring and insurance to eligible individuals who receive a letter. The letters include detailed instructions about how to sign up for this recommended service, including each recipient's personal activation code.
According to State of Montana Chief Information Officer Ron Baldwin, the state upgraded its property insurance policy in 2013 to include cyber/data security coverage for incidents such as this one. The policy provides coverage of up to $2 million to cover costs associated with the toll-free Help Line, mailing notification letters, free credit monitoring and other services. State officials expect the majority of costs associated with this incident to be covered by insurance.
The state has taken several steps to further strengthen security, including safely restoring all affected systems, installing additional security software to better protect sensitive information on existing servers, and continually reviewing its security practices to ensure all appropriate measures are being taken to protect citizen information.