258K individuals affected in 5 yearslong Wisconsin hack, possibly by elected official

For nearly five years, data contained within the computer systems and networks of Adams County in Wisconsin — including personally identifiable information, protected health information and tax information — of 258,120 individuals had been inappropriately accessed, possibly by an elected official, Healthcare Info Security reports.

Local news sites have reported the Wisconsin Division of Criminal Investigation filed search warrants on Aug. 3 and Aug. 6 to investigate a laptop computer used by Adams County Clerk Cindy Phillippi. A search warrant affidavit alleges Ms. Phillippi installed a keylogging malware, a tool that captures keystrokes, on nearly all computers owned by the county. However, she has not been criminally charged.

On March 28, county IT officials discovered "questionable activity" on the county's computer system and network. The breach was confirmed in late June, and a separate investigation determined that sensitive information had been inappropriately accessed between Jan. 1, 2013, and March 28, 2018.

"Unauthorized individual(s) obtained rights, usernames and passwords by manipulation of certain software programs on the Adams County computer network and system that allowed them access to environments that were beyond their role and/or department. The access to PII, PHI and [tax information] was beyond any authorized purpose to use, disclose or request such information," the county's notice states.

The compromised data was stored on systems in various county departments, including the Veteran Service Office, Extension Office, Adams County Employees, Solid Waste, Health and Human Services, and Child Support and Sheriff's Office. However, there is no evidence any of the information has been misused or that any incidents of identity theft have occurred.

The Adams County personnel director has reportedly asked the Adams County Board to hear charges against Ms. Phillippi, according to a "verified statement of charges" reviewed by WAOW in Wausau, Wis. The director is also requesting that Ms. Phillippi be removed from her elected office.

Ms. Phillippi reportedly claims she asked for access to computer records to investigate a county department head she believed was accessing pornography on a county-issued computer, according to Healthcare Info Security.

Healthcare Info Security said its attempts to reach Ms. Phillippi have been unsuccessful, as the Wisconsin phone numbers listed under her name have been disconnected or are no longer in service.

More articles on cybersecurity:

Security holes in Maryland's Medicaid system put patient data at risk, OIG finds
Homeland Security issues alerts for some Philips medical devices
Georgia university risks health, personal information of 417K in breach from 1 year ago

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers