Ramsey County increased victim count to 117,905 in the 2018 Phishing Attack

As per latest update, Ramsey County discovered that many more individuals were impacted in the Aug. 9, 2018, phishing attack than was previously thought. Now in a Sep. 2019 update, the number of impacted victims has been increased to 117,905 from 599.

Initially the breach report stated that 26 employees email accounts were compromised as a result of a phishing attack. The attackers who are responsible conducted this attack, so as to re-route the employees' paychecks. The cyberattack was identified, and the attackers were successfully stopped by the county officials on the same day when the attack was discovered. The county officials said that the affected accounts were secured and law enforcement was also informed.

An investigation has been launched with assistance of an outside forensics company. The initial investigation concluded on Oct. 12, 2018. As per initial breach report, 599 clients were affected. Ramsey County reported about this breach to HHS' Office for Civil Rights on Dec. 11, 2018, and then also notified the affected clients.

The notification was again updated in Jul. 2019 to raise the number of individuals impacted to 4,638. And, now as per latest update, 117,905 individuals were possibly affected by the Aug. 2018 phishing attack.

The personal data as well as some medical information of individuals got compromised during this email hacking attack. The emails contain spreadsheets as well as attachments related to the program appointments, which also includes those from Minnesota Department of Human Services' C&TC (Child and Teen Checkups) program. The data that was impacted included names, contact details, dates of birth, names of the patients' representatives, patient identifiers, patient master index numbers , identification numbers of Women, Children, and Infant, appointment dates, and appointment types.

The emails did not have the social security numbers, prescription, diagnosis information, credit cards, or any kind of financial data. No proof of data theft has been uncovered, and also no reports were received that indicates there has been misuse of the patient information.

The county has updated their password protections, implemented additional data security software, improved security training, and took some other important steps in order to ensure protection of the accounts, and hence data. More importantly, the officials said that they are revamping their email retention procedures.

» SPAMfighter News - 10/1/2019