Zeus Trojan Infection Potentially Resulted in Theft of PHI from Alaska DHSS

Share this article on:

The Alaska Department of Health and Social Services (ADHSS) is notifying ‘more than 500’ individuals that some of their protected health information (PHI) has potentially been accessed and stolen by hackers.

On April 26, the ADHSS discovered malware had been installed on an employee’s computer after suspicious behavior was detected. The investigation revealed malware had been installed – a variant of the Zeus/Zbot Trojan – which is known to be used to steal sensitive information.

The malware was discovered to have communicated with IP addresses in Russia, although it is not known whether the attackers are based in Russia or just using Russian IP addresses. ADHSS has not confirmed whether protected health information was exfiltrated to those IP addresses, although data access and theft of PHI is a possibility.

Under the Health Insurance Portability and Accountability Act, HIPAA-covered entities must report data breaches as soon as possible, but no later than 60 days following the discovery of a breach. AHDSS chose to delay the issuing of notifications until just before the deadline to allow investigators to determine the nature and extent of the breach.

The infected computer contained a range of documents that included sensitive information of individuals in the Northern region of Alaska. Patients affected by the breach had previously had dealings with the ADHSS division of Public Assistance (DPA) through the DPA Northern regional offices.

The types of information potentially stolen include first and last names, phone numbers, dates of birth, pregnancy status, death status, incarceration status, Medicaid/Medicare billing codes, Social Security numbers, driver’s license numbers, and other confidential information.

In its breach notice, ADHSS explained it had multiple layers of security in place to prevent malware infections, but in this instance those defenses had been bypassed.

Immediately after the virus was discovered the computer was taken offline to prevent any further data access. The ADHSS Information Technology and Security team is continuing to investigate the breach and will be implementing additional protections to prevent further breaches of this nature.

Author: HIPAA Journal

Share This Post On