Last week, Alaska’s Department of Health and Social Services (DHSS) disclosed a security breach apparently made by a sophisticated nation-state level attacker.
According to DHSS—which contracted with well-known security firm Mandiant to investigate the breach—the attackers gained a foothold inside DHSS’ network via one of its public-facing websites, from which it pivoted to deeper resources.
A months-long saga
This is not the first report of the DHSS breach. The organization first publicly announced the intrusion on May 18, with a June update announcing a multipronged investigation, and one more in August on completion of the first of three investigatory steps.