Identity theft warning: Cyberattack on state website included personal data of Alaskans

DNA Code Sequence

The Alaska Department of Health and Social Services announced today details of a previous security breach of the Health Insurance Portability and Accountability Act (HIPAA) and the Alaska Personal Information Protection Act (APIPA).

The breach was caused by a highly sophisticated cyberattack on DHSS that was detected in May. Notification of the breach was delayed until now to avoid interference with a criminal investigation, the department said.

The breach involves an unknown number of individuals but potentially involves any data stored on the department’s information technology infrastructure at the time of the cyberattack.

Due to the potential for stolen personal information, DHSS urges all Alaskans who have provided data to DHSS, or who may have data stored online with DHSS, to take actions to protect themselves from identity theft.

Free credit monitoring is being made available to any concerned Alaskan as a result of this breach. More information about the breach, including the breach notification statement and frequently asked questions, are available at

On Tuesday, Sept. 21, a toll-free hotline will be available (5 a.m. to 5 p.m. Alaska time) to answer questions and assist people with signing up for the free credit monitoring service. That phone number and the website for the credit monitoring service will be provided on the DHSS website at

Between Sept. 27 and Oct. 1, email notices will be sent to all Alaskans who have applied for a Permanent Fund Dividend which will include a code they can use to sign up for the credit monitoring service.

People who don’t receive a code will need to contact the toll-free hotline for assistance. Questions may also be directed to DHSS at 1-888-484-9355 or [email protected], however the sign-up process for the credit monitoring service will need to go through the toll-free hotline available Sept. 21.

Alaskans should monitor for unusual activity on their online accounts and report any suspicious behavior to the appropriate authorities, DHSS said. For more information on how to avoid and report identity theft, visit the U.S. Federal Trade Commission’s (FTC) website,, or call 1-877-438-4338. The FTC will collect the details of your situation.

“Alaskans entrust us with important health information, and we take that responsibility very seriously,” said DHSS Commissioner Adam Crum. “Unfortunately, despite our best efforts at data protection, as the investigation into the cyberattack progressed, it became clear that a breach of personal and health information had occurred. We are notifying the public of this breach, as required by law, and want Alaskans who may have provided personal information to DHSS to exercise caution. Concerned Alaskans are encouraged to sign up for the free credit monitoring service being offered.”

“Regrettably, cyberattacks by nation-state-sponsored actors and transnational cybercriminals are becoming more common and are an inherent risk of conducting any type of business online,” said DHSS Technology Officer Scott McCutcheon. “As soon as this incident was discovered, our Information Technology staff acted swiftly to prevent further access by the attackers to its systems. All affected systems remain offline as we diligently and meticulously move through the three phases of our response. Work is continuing to restore online services in a manner that will better shield DHSS and Alaskans from future cyberattacks.”

“DHSS is continuing work to further strengthen its processes, tools and staff to be more resilient to future cyberattacks,” said DHSS Chief Information Security Officer Thor Ryan. “Recommendations for future security enhancements are being identified and provided to state leadership.”

Through proactive surveillance, a security monitoring firm noticed the first signs of the cyberattack on May 2. The State of Alaska Office of Information Technology Security Office then notified DHSS of unauthorized computer access on May 5. As soon as the attack was detected, DHSS immediately shut down systems to protect individuals’ information and deny further access by the attacker to DHSS data. Before DHSS implemented the shutdown, the attackers potentially had access to the following types of individuals’ information:

  • Full names
  • Dates of birth
  • Social Security numbers
  • Addresses
  • Telephone numbers
  • Driver’s license numbers
  • Internal identifying numbers (case reports, protected service reports, Medicaid, etc.)
  • Health information
  • Financial information
  • Historical information concerning a person’s interaction with DHSS

More details about this cyberattack can be found in the attached FAQ that was updated today, on, and in three previous press releases: 

More details about this cyberattack can be found in a FAQ that was updated on, and in three previous press releases: 


  1. Well, at one time I’d say someone that says what I’m about to say would sound like a tin-hatted conspiracy theorist, but I’m willing to bet the “hackers” worked for our own government.

  2. Looks like a distraction. There is a lot of information coming out in regards to the official covid narrative. Now suddenly there is a cyber attack to take everyone’s attention. Giving the people yet something else to be afraid of. Identity theft.

    Good thing I don’t participate in their systems.

    What a timeline to be alive.

  3. Good grief. And I can’t say ‘unbelievable’ because it is too believable. And whom is investigating, the FBI? Oh, but they are busy working on far more important issues such as rooting out all of that white supremacy. Next, who is responsible for DHSS systems and records security? What the heck have they doing? Or not….. The great privacy protection provided by HIPAA…….?

  4. It took the state 4 months before they notified the public. I have absolutely no faith in Government anymore. You would think that the amount of money the state government gets, that we would have top of the line cyber security.

  5. What a bunch of worthless wastes of space. Delayed telling us so there’s no interference with a criminal case is absurd. More like cover their derrieres. First the election was “hacked ” and now this? Ineptitude of staggering proportions or criminal conduct? I’m going with criminal conduct. Jab mandates combined with HIPAA security breach? Gee who woulda figgered on that!

  6. Great job once again SOA! That’s only the third time (that I’m aware of) you’ve lost all my and my family’s personal information to hackers. Excellent. But hey! Thanks for the two years of credit monitoring each time. Stellar. “Trust us, we’re from the government and here to help you”.

  7. Every time there is a Democrat leading the White House, there is always increase terror attacks on buildings, computers, people, schools.

  8. It’s not to hard to figure out why and how this happened. All these folks working from home on private computers. This clown show is proceeding exactly as planned. Yes planned. You ain’t seen nothing yet. Go read “Rules for Radicals” and see the number one way to control everything… “Health Care”. Enter the covid hoax. Everything falling into place and the Lemmings are falling for it. Going right over the cliff. The worthless masks are virtual signalers. When “THEY” see enough masks on the fearful, the next steps will be taken. Need I say more. Trust me. If you stand for this you’ll be kneeling soon. Wake up folks.

Comments are closed.