Malware attack affected 100k Alaskan households back in April 2018

Department of Health and Social Services data breach, dating back in Spring 2018, is announced with more victims

Data breach in Alaska discovered after a while100 000 Alaskan households affected in 2018 data breach due to possibly Russian trojan.

It seems that an infamous Zeus virus,[1] apparently relaunched by Russian attackers, impacted more than 100 000 households in Alaska in April 2018. As the Department of Health and Social Services has reported, the affected ones include the users of the Division of Public Assistance programs, including such programs as Medicaid and SNAP.[2]

The director of the Division of Public Assistance, Shawnda O'Brien, stated in her report:

I think it is important to reassure folks that every step that we can possibly take to prevent this kind of happening has been put in place, but unfortunately, there are some viruses we just aren't able to be prepared for.

At first, it was believed that the breach affected only 500 Alaska citizens, but the attack was examined more thoroughly and new findings were made. Further investigations of the State of Alaska, Office of Information Technology and the FBI have revealed that the attack is related to the Russian attacker who was relying on Russia-based IP addresses while interacting with infected computers during the crime.[3]

The virus bypassed several security layers and targeted the main computer used for storing confidential documents related to the clients. Unfortunately, the hacker managed to take over people's names, social security numbers, birth dates, addresses, information about patients' health, benefits, and income.

The suspected breach was first reported in June 2018

DHSS notified its users about the breach publicly back in June 2018. The message stated about the cyber attack that took the place on April 26, when the computer belonging to the Department of Public Assitance was infected with the Zeus virus. The infection was discovered four days later and was believed to impact no more than 500 Alaskans.

When DHSS went public, it was reported that data was taken from the Division of Public Assitance and applicants of the following programs got affected:

  • Medicaid;
  • SNAP;
  • Senior benefits related to Medicaid;
  • Disabilities related to Medicaid;
  • Adult public assistance;
  • other PII.[4]
Additionally to these people, notifications were sent to people whose households got impacted. The letter told recipients about the steps that have already been taken to prevent any further attacks. As the public DHSS letter reads, they are working on preventing such attacks in the future.
Unfortunately, there was more damage than DPA thought. As O'Brien stated in January 2019, they do not indicate the later usage of this information. These notifications were released to protect people in case they feel something is happening with their personal information.

DHSS was also been dealing with the trojan attack back in 2017

The Russian-based Trojan attack in 2018 was not the first cyber attack on the Department of Health and Social Services. Back in July 2017, two computers were affected by trojans that led to a data breach involving various information about patients.[5]

On July 5 and July 8, malware got into the system by hiding the malicious purpose behind legitimate software. During the attack, various family case files, personal information, health details were potentially accessed. It affected drives which contained the Office of Children's Services. At the time, DHSS officials stated:

Upon discovery of these events, the department took immediate action to mitigate further access to the infected computers. The DHSS Information Technology and Security team continues to work quickly to determine the scope of data potentially accessed

About the author
Jake Doevan
Jake Doevan - Computer technology expert

Jake Doevan is one of News Editors for He graduated from the Washington and Jefferson College , Communication and Journalism studies.

Contact Jake Doevan
About the company Esolutions