A security breach at two computers of the state Office of Children's Services may have put more than 500 people at risk of having their personal information stolen, including confidential case files, the state Department of Health and Social Services said Friday evening.
The department issued a notification of the security breach and possible theft of people's information that evening.
The Office of Children's Services investigates child abuse and neglect, and manages programs including foster care. Family case files, personal information including dates of birth, medical diagnoses and other information may have been accessed, said Katie Marquette, communications director for the department.
The state is referring to what happened as a HIPAA breach – referring to the Health Insurance Portability and Accountability Act. But officials don't yet know if confidential information was accessed.
"We recognize the severity of this breach," Marquette said. "That is why we are notifying the public."
[With abuse reports rising in Alaska, Office of Children's Services launches statewide hotline]
Two OCS computers in the agency's western region were infected with a Trojan horse virus on July 5 and July 8, the department said. That is a method used by cyber thieves who trick computer users into giving them access, sometimes through an innocent-looking email attachment.
The region includes Bethel, Aniak and St. Marys as well as villages surrounding them. Information in the cases of concern originated in that region.
The state is not saying more about how the breach occurred. Marquette called it a personnel issue.
The breach wasn't discovered until later. A security team then worked to discover how many people might be affected.
"Before the alarm is sounded we want to make sure we know the severity of the breach," she said.
The alert on Friday came after the state realized that more than 500 people might be affected.
Individuals who have had contact with OCS can call 888-484-9355 to see if their information might have been compromised. The state also will post updates at dhss.alaska.gov.
Tips on how to protect yourself if your information was stolen are available at identitytheft.gov.
Among the tips: Place a fraud alert through one of the three credit bureaus. The Federal Trade Commission also recommends that individuals get a credit report, to see if unusual activity or problems occur. People can get a free annual credit report.
Around the time of the breach, the state began mandatory internet security training to help employees recognize suspicious activities, Marquette said.