Montana officials on Tuesday revealed that a data security breach into the state’s health department computer server has exposed health care and bank account information of around 1.3 million people to the hackers.
According to a news release, the malware was discovered on the health agency’s server on May 22, a week after information technology employees noted suspicious activity on the server.
The DPHHS said that it is notifying all the affected people including the current and former medical patients, health agency employees and contractors. The department confirmed that no data was lost or deleted in the attack, and that the availability of services will not be affected.
The Montana government said that it is offering free credit monitoring and identity-fraud insurance to all those individuals whose personal information was exposed in the attack for a year.
“We have absolutely no indication the criminals who illegally entered the server had any interest in the data they accessed in any way, shape or form, and we have no reports of people’s identities being stolen,” DPHHS director Richard Opper said in a statement.
“Out of an abundance of caution, we are notifying those whose personal information could have been on the server.”
“Again, we have no reports, nor do we have any evidence that anyone’s information was used in any way, or even accessed,” Opper said.
In addition to Social Security numbers, birth dates and names of patients, the server also contained such data as bank account numbers, medical diagnoses, treatments, dates of service and prescriptions, he said.
“We’re just really grateful that apparently the citizens haven’t been harmed,” Opper said.
The state said it has since restored the affected systems and updated the security “to better protect sensitive information on existing servers.”