HQ/EMEAFind out how we can help your business
The Hawaiian Department of Health disclosed that the state’s death registry suffered a data breach incident last January. The department has already distributed notification letters regarding the limited access of the hackers during the attack.
Based on reports, families who recently had a death within their group should be wary about unsettled matters like life insurance claims, Social Security benefits, accounts, and estate.
The Department of Health also revealed that they received the news regarding the incident; a researcher notified multiple state agencies about the credentials for an external medical death certifier account posted on the dark web.
The data breach accessed thousands of death registry records from Hawaiian families.
According to investigations, the data breach operators accessed more than 3,000 death registry records last month despite the immediate deactivation of the external account.
The accessed documents contained the date of death from 1998 to the present, with about 90% from 2014 or earlier. The department also clarified that financial and legal matters require death certificates for settling. However, there is a separate department that generates the death certificates.
Officials enumerated that the death registry records include the dead person’s name, social security numbers, permanent address, sex, DoBs, place of death, and cause of death. Furthermore, the Hawaiian government certifies nearly 100% of death certificates.
The Department of Health reviewed the other records that do not have certifications and confirmed that the hackers did not reach the uncertified documents.
The data breach notification will continue to contact anyone listed in the EDRS system as a surviving spouse or person who reported the death. Unfortunately, a compromised account is owned by a medical certifier who worked for a hospital. Still, it already lost its job in June 2021, but the authorities had not deactivated the account.
Hawaiian officials stated that they plan to place more security measures for all external accounts that relate to EDRS. Currently, they are in the process of reviewing all external accounts.
The department has yet to respond to any questions, but an investigation showed that a couple of IP addresses accessed the compromised system.
