25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Zeus Trojan Infection Potentially Resulted in Theft of PHI from Alaska DHSS

Posted By on Jul 3, 2018

The Alaska Department of Health and Social Services (ADHSS) is notifying ‘more than 500’ individuals that some of their protected health information (PHI) has potentially been accessed and stolen by hackers.

On April 26, the ADHSS discovered malware had been installed on an employee’s computer after suspicious behavior was detected. The investigation revealed malware had been installed – a variant of the Zeus/Zbot Trojan – which is known to be used to steal sensitive information.

The malware was discovered to have communicated with IP addresses in Russia, although it is not known whether the attackers are based in Russia or just using Russian IP addresses. ADHSS has not confirmed whether protected health information was exfiltrated to those IP addresses, although data access and theft of PHI is a possibility.

Under the Health Insurance Portability and Accountability Act, HIPAA-covered entities must report data breaches as soon as possible, but no later than 60 days following the discovery of a breach. AHDSS chose to delay the issuing of notifications until just before the deadline to allow investigators to determine the nature and extent of the breach.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The infected computer contained a range of documents that included sensitive information of individuals in the Northern region of Alaska. Patients affected by the breach had previously had dealings with the ADHSS division of Public Assistance (DPA) through the DPA Northern regional offices.

The types of information potentially stolen include first and last names, phone numbers, dates of birth, pregnancy status, death status, incarceration status, Medicaid/Medicare billing codes, Social Security numbers, driver’s license numbers, and other confidential information.

In its breach notice, ADHSS explained it had multiple layers of security in place to prevent malware infections, but in this instance those defenses had been bypassed.

Immediately after the virus was discovered the computer was taken offline to prevent any further data access. The ADHSS Information Technology and Security team is continuing to investigate the breach and will be implementing additional protections to prevent further breaches of this nature.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist