I posted something about this breach over on phiprivacy.net yesterday, but thought this update would be of special interest to this blog’s readers. Matt Volz of AP reports:
Hackers broke into a Montana health department computer server through software in need of a security upgrade after a Chinese-language website last year identified the department’s server as vulnerable, state officials said Friday.
Malware, which is software that can steal information, damage a computer system or bring it down, was discovered on the Department of Health and Human Services server on May 22 after an analysis by the forensic investigation firm Kroll, Montana Chief Information Officer Ron Baldwin said.
The malware was installed on or after July, which is when the health department’s computer server was first hacked and a website listed the health department computer server as vulnerable to attack, Baldwin said.
The website, Wooyun.org, was discovered in the forensic investigation. The website describes itself as a platform for security researchers to report vulnerabilities.
Read more on Centre Daily Times.