Nation-state espionage group breaches Alaska Department of Health – Ars Technica

– Sep 20, 2021 8:10 pm UTC
Last week, Alaska’s Department of Health and Social Services (DHSS) disclosed a security breach apparently made by a sophisticated nation-state level attacker.
According to DHSS—which contracted with well-known security firm Mandiant to investigate the breach—the attackers gained a foothold inside DHSS’ network via one of its public-facing websites, from which they pivoted to deeper resources.
This is not the first report of the DHSS breach. The organization first publicly announced the intrusion on May 18, with a June update announcing a multipronged investigation, and one more in August on completion of the first of three investigatory steps.
In the August update, DHSS disclosed that Mandiant—a subset of larger infosec firm FireEye—completed its initial investigation and concluded that the intrusion was a direct, sophisticated attack rather than a simple drive-by ransomware infestation. “The type of group behind this disruptive attack is a very serious operation with advanced capabilities,” said DHSS Commissioner Adam Crum.
According to DHSS Technology Officer Scott McCutcheon, the attackers were both advanced and persistent: “This was not a ‘one-and-done’ situation, but rather a sophisticated attack intended to be carried out undetected over a prolonged period. The attackers took steps to maintain that long-term access even after they were detected.”
The majority of the technical detail provided by Alaska DHSS came in the August update—last week’s notification instead concerned the attack’s impact on Alaskan citizens.
A security monitoring firm performing proactive surveillance first noticed signs of an intrusion on May 2. Alaska’s Office of Information Technology (Security Office) notified DHSS of unauthorized computer access on May 5, after which DHSS reports it immediately shut down systems to deny attackers further access to protected data.
During that (at least) three-day window, attackers potentially had access to personal data, some of which constitutes a breach of both HIPAA and the Alaska Personal Information Protection Act (APIPA). The number of individuals involved in the attack is still unknown, as is exactly what data may have been exfiltrated—but the attackers potentially had access to “any data stored on the department’s information technology infrastructure,” including but not limited to the following:
In response, the state of Alaska is offering free credit monitoring to “any concerned Alaskan.” All Alaskan citizens who have applied for a Permanent Fund Dividend will receive an email notification describing the breach and offering a code for the free credit-monitoring service. Concerned Alaskans who do not receive an emailed code will need to contact a toll-free hotline which will be available at the DHSS website beginning Tuesday, September 21.