Residents of Clay County are being informed about a data security incident by officials. On Friday, they started sending letters to the residents. The letters said as follows:
We recently learned of a cyber incident involving personal data connected to people we serve and/or their household members in Clay County, Minnesota (“Clay County”). Because we are dedicated to the privacy and security of all information about the people who use our services and the data we host for other Minnesota Counties, we take this issue very seriously. As of right now, we are not aware of any information related to this incident being misused.
Mail notifications were sent by Clay County to those whose personal information or protected health information was affected by this incident starting on December 22, 2023. Regretfully, we lacked the necessary contact details for some people to receive written notice.
To notify those individuals for whom we do not have sufficient contact information, we are posting this notice on our website and offering a toll-free phone number, (800) 459-5922, which can be called Monday through Friday, 8 AM to 8 PM CST (excluding major U.S. holidays). Kindly ensure that you have the Engagement Number B112010 ready to provide.
The electronic document management system, or “CaseWorks,” is hosted by Clay County and utilized by other Minnesota County social services organizations. On October 27, 2023, Clay County discovered that its network had been compromised by a ransomware attack.
To securely resume operations, conduct an investigation, and ascertain the incident’s effects, Clay County promptly launched its incident response procedure and commenced collaborating with its local information technology partner. In addition, Clay County notified the Minnesota Department of Human Services and federal law enforcement and collaborated with a nationally renowned digital forensics firm to support the investigation. After conducting an investigation, Clay County discovered that between October 23, 2023, and October 26, 2023, its network was accessed without authorization. Additionally, the cybercriminals behind this attack stole some data from Clay County’s network.
As soon as Clay County became aware of this, it started informing the other affected counties and initiated a thorough investigation to find out what information might have been involved and who might have been impacted, enabling us to give notice.
After finishing that review, Clay County is informing the people who were found to be affected. What Details Were Included Our investigation revealed that the impacted data comprised a person’s name along with some or all of the following categories of information: Social Security number, address, birth date, details about the services you received from Clay County Social Services, including service locations and dates, client ID number or other unique identifiers, insurance identification number, and/or insurance or billing information
Upon searching Dark Web sources, Clay County investigators discovered no evidence of any personal information held by the County being released or put up for sale as a consequence of this incident. Clay County has taken or plans to take the following actions to strengthen its security even more and aid in averting such incidents in the future:
- Added multi-factor authentication to the CaseWorks application for any remote access.
- Updated protocols for any vendors requiring external access
- Added security tools to improve detection and hasten the handling of cyber incidents
- Improving the application’s technical security for CaseWorks
Additionally, Clay County is informing the US Department of Health and Human Services and all relevant state regulators about this incident in accordance with the applicable compliance obligations and responsibilities.
To safeguard your information, we advise you to take the following precautions:
- Read account statements, free credit reports, and health insurance Explanation of Benefits (EOB) forms frequently to look for any unusual or suspicious activity. This will help you stay vigilant for fraud and identity theft incidents. At the conclusion of this letter, you will find details on further precautions to take to safeguard your data, such as how to get a free credit report and security freeze.
- Notify your state Attorney General, local law enforcement, and the main credit bureaus of any incidents involving suspected identity theft.
A ransomware attack was reported in October in Clay County, Minnesota
A notice regarding an October ransomware attack was posted on Clay County’s website on December 22.
As per the notification, the county ascertained on October 27, 2023, that a ransomware attack had affected its network from October 23 to October 26. The attack had an impact on the electronic document management system (also known as “CaseWorks”) that Clay County hosted and that other social service organizations in Minnesota County utilized.
Following an inquiry, the county discovered that the impacted records contained the name of the affected person along with some or all of the following: Social Security number, address, date of birth, and details about the services that Clay County Social Services offers, including client identification numbers, service locations, dates, and times.
The county concluded that, despite the involvement of private and protected health information, there was no proof of improper use of any data they provided or hosted for other counties. In their exploration of the dark web, no data has turned up. Neither Clay County nor “CaseWorks” are listed, nor does DataBreaches’ search of ransomware group leak sites turn up any information about individuals or groups claiming responsibility for the attack.
The notice from the county does not specify how many individuals were impacted in total or how many had access to protected health information. Despite being reported, the incident has not yet appeared on HHS’s public breach tool. There’s a nice surprise in the transparency, but it’s disappointing that no free services were provided to those whose SSNs were involved. According to the notice.