Chippewa County

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In late February and early March 2023, Chippewa County, Wisconsin, experienced a data breach involving the Human Resources Division. An employee’s laptop was compromised through a remote access application that was inadvertently downloaded on February 28, 2023. This unauthorized access occurred when the employee clicked on a link or pop-up, which led to the download of the application. The breach was discovered on March 1, 2023, when the employee noticed unusual activity on their computer and promptly alerted the IT department. The IT team was able to block further access within approximately 5 minutes, but not before 25-35MB of data, including files containing protected health information (PHI) under HIPAA, were exfiltrated[2][4].

The compromised data included names, medical history numbers, prescription information, dates the prescriptions were signed, and the prescribing doctors’ initials. A total of 7 files containing PHI were identified, affecting 842 individuals. The county has reported this incident to the HHS’ Office for Civil Rights[2].

Chippewa County officials have taken steps to address the breach, including notifying affected individuals and implementing additional security measures to prevent future incidents. The breach was attributed to a drive-by download, likely initiated by the employee inadvertently clicking on a malicious link or pop-up. Despite the breach, county officials believe it was isolated to the one device and have expressed confidence in their other security safeguards[4].

This incident highlights the importance of cybersecurity awareness and training for all employees to prevent similar breaches in the future.

Citations:

  1. https://www.weau.com/2023/04/06/chippewa-county-government-office-is-notifying-residents-data-breach/
  2. https://www.hipaajournal.com/hacking-incidents-reported-by-chippewa-county-and-frideres-dental/
  3. https://www.weau.com/video/2023/04/06/chippewa-co-human-resources-div-data-breach/
  4. https://www.govtech.com/security/chippewa-county-wis-officials-report-data-breach
  5. https://lacrossetribune.com/chp/news/local/private-medical-information-may-have-been-compromised-in-chippewa-county-security-breach/article_eeaa3ade-d3e9-11ed-9493-3fbb9bb4fd00.html
  6. https://www.chippewacountywi.gov/government/district-attorney/crime-victim-witness/crime-victim-witness-services
  7. https://www.ladysmithnews.com/news/area_news/article_59b91f3a-d498-11ed-88be-af58e5666ab7.html
  8. https://datcp.wi.gov/Pages/Programs_Services/DataBreaches.aspx
  9. https://www.weau.com/2023/12/28/chippewa-county-da-investigation-into-sheriff-hakes/
  10. https://winonadailynews.com/news/local/business/health-care/lawsuit-filed-by-health-clinic-aims-to-delay-closure-of-hshs-hospitals-in-chippewa-valley/article_9e09e6e7-09ab-570e-b888-6bec2ea558fc.html
  11. https://news.yahoo.com/chippewa-county-acknowledges-security-breach-035900183.html
  12. https://www.co.chippewa.wi.us/about-us/chippewa-county-news/-arch-1
  13. https://www.leadertelegram.com/townnews/software/chippewa-county-acknowledges-security-breach/article_b8721f84-d3e6-11ed-a683-2f51b71fbbe8.html
  14. https://chippewa.com/news/local/business/health-care/lawsuit-filed-by-health-clinic-aims-to-delay-closure-of-hshs-hospitals-in-chippewa-valley/article_7a4e4ef4-c791-11ee-8723-370be5a587bc.html
  15. https://www.chippewacountywi.gov/about-us/legal-and-privacy-notice/legal-notice
  16. https://gray-weau-prod.cdn.arcpublishing.com/video/2023/04/06/chippewa-co-human-resources-div-data-breach/
  17. https://www.co.chippewa.wi.us/Home/Components/News/News/7630/16?npage=6
Breach Submission Date Apr 04, 2023
Converted Entity Name Chippewa County
Converted Entity Type Healthcare Provider
State WI
Individuals Affected 842
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes