Some computer networks at the Alaskan health department are still offline after foreign government-backed hackers breached the department in May, a spokesperson told CNN on Monday.
News of the breach first emerged in May, but Alaskan officials now say that “nation-state sponsored” hackers exploited a vulnerability in the health department’s website to gain further access to department data. The hackers may have accessed Alaskans’ Social Security numbers and health and financial information, officials said.
“There is still no timeline for when all services that are currently offline will be back online,” Clinton Bennett, a spokesperson for the Alaska Department of Health and Social Services, told CNN. He pointed to the department’s large and complex IT infrastructure in explaining the long recovery time.
Bennett declined to comment when asked which foreign government was behind the intrusions, or what the attacker’s motives were.
The news underscores the arduous process that organizations face in fully recovering from a complex breach. The Alaskan health department didn’t restore its electronic system for processing birth, death and marriage certificates until July 26, according to the department’s statement.
The FBI and US Cybersecurity and Infrastructure Security Agency declined to comment on the breach. Mandiant, a cybersecurity firm hired to investigate the breach, declined to comment.
Alaskan officials will offer credit monitoring services to breach victims to guard against fraud.
“There is real concern that this group will come back to try again, so we continue to make our environment more resilient while monitoring our systems for new threats,” the department said in a September 16 statement.
“Regrettably, cyberattacks by nation-state-sponsored actors and transnational cybercriminals are becoming more common and are an inherent risk of conducting any type of business online,” said Scott McCutcheon, the department’s technology officer.
Health and other sensitive personal data can be valuable information for foreign spies. In another example, the US government has blamed Chinese hackers for the 2015 breach of health insurer Anthem, and the 2017 breach of credit-monitoring firm Equifax. US intelligence officials worry that Beijing could use that trove of data to track the movement of US citizens.