A Red Deer woman worries her personal information is still at risk after the ransomware attack this summer on the company that administers low-income and seniors health benefits programs for the province.
On Tuesday that company, Alberta Dental Service Corporation (ADSC), said so far no one has been negatively impacted by the attack.
The woman, who did not want her name used, said her name, address, date of birth and details related to her dental claims were accessed according to a letter she received in late August from Alberta Health Services and ADSC.
The letter said the data was deleted by those behind the attack, but there is no way to guarantee that was done.
“That’s a lot of information to have. How do you know how far it’s going to go, and what they’re going to use it for?” she said.
On August 10, Alberta Dental Service Corporation, which administers programs such as Assured Income for the Severely Handicapped and the Dental Assistance for Seniors Program, announced that information about 1.47 million people was compromised. Of those, less than 7,300 had personal banking information on file.
Between May and July 9 a portion of its IT infrastructure was accessed and malware was used which encrypted some of the company’s systems and data, making them temporarily inaccessible. Information of people enrolled in programs and health providers were impacted.
Related:
Cyberattack on government service provider exposes records of 1.4 million Albertans
ADSC president Lyle Best said it’s been over two months since the breach was made public and TransUnion, which does credit monitoring, has not reported any incidents.
“My own staff were the ones with the most potential exposure. It had their social insurance numbers, their payroll numbers, everything, because they are our employees but nothing has happened,” said Best, adding information kept on the ADSC network has been reduced since the hack.
Things may happen that people believe are related the breach, but that’s coincidence, he added.
Best said how the hacker accessed the system has not been determined. But whoever hacked the system made the hack known on the dark web to sell the information, and it was sold to Russian ransomware group 8base.
He was told by those negotiating on behalf of ADSC that typically cyber criminals just want the money so after they are paid, they don’t renege on their deal.
“Apparently there is honour among thieves. They don’t want to be seen going back on their word, if you can trust a crook. So far, nothing has happened,” Best said.
Related:
House of Commons to vote on bill for dental care benefit, rental support this week
ADSC advised those impacted to monitor their bank accounts and credit history; contact ADSC if they get emails, phone calls or text messages supposedly from ADSC asking for financial or personal information; change online passwords for financial and other sensitive accounts regularly; never respond to unsolicited requests for their financial information and be careful when sharing personal information unsolicited, whether by phone, email or on a website; and avoid clicking on links or downloading attachments in suspicious emails.
ADSC has worked with third-party cybersecurity experts to complete a comprehensive investigation and has implemented enhanced security safeguards.
szielinski@reddeeradvocate.com
Like us on Facebook and follow us on Twitter