Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Chinese-language website hacks into Montana agency computers

Matt Volz Associated Press

HELENA – Hackers broke into a Montana health department computer server through software in need of a security upgrade after a Chinese-language website last year identified the department’s server as vulnerable, state officials said Friday.

Malware, which is software that can steal information, damage a computer system or bring it down, was discovered on the Department of Health and Human Services server on May 22 after an analysis by the forensic investigation firm Kroll, Montana Chief Information Officer Ron Baldwin said.

The malware was installed in or after July, which is when the health department’s computer server was first hacked and a website listed the health department computer server as vulnerable to attack, Baldwin said.

The website, Wooyun.org, was discovered in the forensic investigation. The website describes itself as a platform for security researchers to report vulnerabilities.

“It’s like a blog that hackers use to inform each other and brag to each other about what they know. It’s exposing the information because they can,” Baldwin said.

The health department’s server contained personal information and health records for a still-unknown number of people the department serves, along with bank account information for the department’s 3,100 employees.

There is no evidence from the forensic investigation that the information was stolen or used, and there has been no known spike in identity thefts or bank accounts accessed, said Richard Opper, director of the state Department of Public Health and Human Services.

However, the agency doesn’t definitively know whether the information was accessed, so officials will offer free credit monitoring and identity-fraud insurance as a protective measure.

The hackers used third-party software to break into the server and plant the malware. The security patch to protect that vulnerability was not available until a few weeks ago, but by then it was too late, Baldwin said.