Alaska Mental Health Facility Blamed for Hack of Sensitive Files

The Health and Human Services Department is holding an Alaska mental health center accountable for compromising medical data by failing to protect against malicious code.

Anchorage Community Mental Health Services notified HHS in March 2012 about a breach of electronic health information. The center attributed the hack to “malware compromising the security of its information technology resources,” HHS said in a settlement agreement with ACMHS for violating the Health Insurance Portability and Accountability Act.

From January 1, 2008 until March 29, 2012, ACMHS neglected to take security measures intended to guard against hacks.  Specifically, the center did not make sure “firewalls were in place” to flag threats in network traffic and didn’t use appropriate tech support or ensure software was “regularly updated with available patches.”