Cyber Incident Victim: Pennsylvania Department of Health

On June 20, 2018, the Pennsylvania Department of Health discovered unauthorized access to an internal website within its birth certificate system. The breach prompted immediate action, with officials taking the system offline for emergency maintenance. The outage lasted nearly a week, with services remaining unavailable until June 26. Dan Egan, spokesman for the Office of Price Administration—the entity managing computer systems for Governor Tom Wolf's executive agencies—publicly confirmed the incident on July 13. Investigators determined the hacker did not steal or alter any citizen records stored within the system. The Office of Price Administration coordinated the technical response while initiating a formal investigation into the intrusion's origin and methods. No details were disclosed regarding the specific vulnerability exploited or the attacker's identity.

The incident caused operational disruption to birth certificate services throughout the six-day shutdown period, though no evidence suggested public data compromise. Maintenance activities during the outage focused on securing the system before restoring public access. As of the July 13 disclosure, the investigation remained active with no conclusive findings released regarding the attack's full scope or motives. The Pennsylvania Department of Health maintained functionality in other systems unrelated to the birth certificate platform throughout the incident. Egan's statement emphasized the absence of data exfiltration or manipulation while acknowledging the ongoing forensic examination of the breached internal website.