The US state of Montana is notifying 1.3 million people of a data breach at the state health department in July 2013 that went undetected until May 2014.
On 22 May, an independent forensic investigation determined that the server had been hacked. The forensic investigation was ordered on 15 May when suspicious activity was first detected.
State officials said in a statement that, when the suspicious activity was discovered, agency officials shut down the server and contacted law enforcement.
The compromised server has been removed from the network and replaced with a new server containing scanned backup files, the statement said.
State officials said the health department had installed additional security software to better protect sensitive information on existing servers. They said the department was reviewing existing policies and procedures to prevent similar breaches in the future.
The statement did not say why it took the health department nearly a year to discover the breach.
Although the population of Montana is only around one million, the state is notifying anyone who may have had personal data exposed, including former residents and families of deceased residents.
Information on the compromised server included names, addresses, birth dates, social security numbers, medical records, and birth and death certificates.
State officials say they do not believe hackers managed to extract any data, but have encouraged possible victims to sign up for a free credit monitoring service and identity fraud insurance.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK