Cyber Incident Victim: Montana Department of Public Health and Human Services
Date:
May 2014
Location:
United States of America
Summary
Hackers breached a computer server linked to the Montana Department of Public Health and Human Services, compromising sensitive personal and medical data—including Social Security numbers, birth dates, bank account details, diagnoses, treatments, and prescriptions—for approximately 1.3 million individuals, encompassing patients, employees, and contractors. While investigators found no evidence of identity theft or criminal interest in the stolen data, the agency implemented security upgrades following the intrusion and offered affected individuals free credit monitoring and identity protection insurance, with associated costs covered by a state cyber insurance policy. This marked the first successful large-scale cyberattack on a state agency in Montana, which routinely faces thousands of hourly hacking attempts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In May 2014, hackers of unknown origin successfully infiltrated a computer server connected to the Montana Department of Public Health and Human Services. The breach was detected on May 15 when a company monitoring the agency’s network identified suspicious activity, prompting health officials to immediately shut down the affected server. A subsequent forensic investigation confirmed unauthorized access had occurred, marking the first large-scale cyber criminal infiltration of a Montana state agency. The compromised server contained sensitive or confidential information belonging to approximately 1.3 million current and former medical patients, health agency employees, and contractors. Exposed data included Social Security numbers, birth dates, names, bank account numbers, medical diagnoses, treatments, dates of service, and prescriptions. Department Director Richard Opper stated investigators found no evidence suggesting the hackers had interest in the accessed data or that the breach resulted in actual identity theft. The incident occurred amid frequent cyber attacks on Montana’s systems, with Opper noting approximately 17,000 hourly hacking attempts targeting state infrastructure.
Following confirmation of the breach, the Montana Department of Public Health implemented security upgrades to its network systems. The agency offered free credit monitoring and identity protection insurance to all affected individuals, with associated costs covered by a state cyber insurance policy providing up to $2 million for such services. No reports of identity theft linked to the breach had been received at the time of Opper’s June 2014 statements. The incident reflected broader patterns of cyber attacks against public health agencies, as evidenced by a similar 2012 breach affecting 780,000 patients in Utah believed to have originated from Eastern Europe. Montana’s response focused on containment through server shutdown, forensic analysis, enhanced security measures, and financial protections for impacted individuals without confirming specific attacker motives or data misuse.