Up to 1.3 million records, including health care and bank account information, may have been exposed after a server at Montana’s public health department was hacked in May, the state said Tuesday.The server, which belonged to the Department of Public Health and Human Services, was shut down on May 22, a week after suspicious activity was noticed and an independent forensic investigation began, according to a news release.The state said it has no knowledge if data on the server was inappropriately used or accessed. The data was backed up.The server held information such as names, addresses, birth dates and Social Security numbers for services citizens had applied for or received. For some people, the information may have included data on health assessments, diagnoses, treatment, health condition, prescriptions and insurance, the state said. Birth and death records, part of the state’s Vital Statistics database, were also on the server.Contractors as well as current and former employees of the department may have been affected. The server contained their names, addresses, birth dates, Social Security numbers along with bank account information and dates of service, the state said. Those affected are being contacted by the department and will be offered free credit monitoring, according to a statement.Montana had upgraded its property insurance policy last year to include coverage for data security incidents. The US$2 million policy will cover costs such as setting up a toll-free help line, free credit monitoring and mailing notification letters, the state said.The policy should cover the “majority” of costs for this incident, it said.The state said it has since restored the affected systems and added additional security software “to better protect sensitive information on existing servers.”Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Network Security Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe