The Alaska Office of Children's Services suffered a data breach after the state's Department of Health and Social Services (DHSS) said some of its computers were infected with an unknown Trojan. The department said two of its computers involved with the OCS were infected on 5 and 8 July, potentially compromising the personal data of more than 500 individuals.
The DHSS said it is still unclear whether any data was accessed in the breach. However, the targeted computers did contain reports and documents that listed individuals' personal information, medical diagnosis and observations, family case files and other related data.
After discovering the breach, the department said it took "immediate action" to halt any further unauthorised access to the compromised computers.
"The DHSS Information and Security team continues to work quickly to determine the scope of data potentially accessed and will provide up-to-date information to Alaskans who may have been impacted by this event," DHSS said in a statement. "Preliminary investigations indicate that information potentially accessed from this breach originated in the Western region."
DHSS has urged residents who have had prior contact with the OCS to contact the department to determine if their information was compromised in the attack. It has also asked people involved with the OCS to take actions to safeguard against possible identity theft.
The OCS has filed a Hipaa (Health Insurance Portability and Accountability Act) breach notification regarding the incident. The Hipaa Breach Notification Rule mandates that any entities covered by Hipaa and their associates must notify affected individuals, the US Department of Health and Human Services Secretary and, in some cases, the media, of a breach involving unsecured protected health information.