The Department of Public Health and Human Services (DPHHS) in the State of Montana suffered a massive data breach that affected 1.3 million people, which is a higher number than the state's population (1.01 million).
The incident occurred when hackers gained entry to the DPHHS computer server last month. The state says that an independent forensic investigation determined the server had been breached on May 22. The suspicious activity was first detected a week earlier.
The information that was accessed included demographic information, such as names, addresses, dates of birth, and Social Security numbers. It may have also included information regarding DPHHS services clients applied for and/or received as well as health assessments, diagnoses, treatment, health condition, prescriptions, and insurance. The 1.3 million people, as well as DPHHS contractors and current and former employees, are all being notified that their information may have been accessed by the hackers.
The reason the number is higher than the population of Montana is that some of the information was on former residents of the state, the agency says.
The last state government agency to have this kind of breach, Alaska, ended up paying the government $1.7 million for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.