County of Rock, WI
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The cybersecurity incident at the County of Rock, Wisconsin, involved a significant breach within the Rock County Human Services Department. This incident was discovered when suspicious activity, including the encryption of certain systems, was noticed on or about September 29, with the potential breach occurring between September 22-30. The attack was identified as a ransomware attack, commonly known for encrypting files and demanding a ransom for their release. In this case, the threat actor, identified as the Cuba ransomware gang (which has no connection to the country of Cuba), demanded a ransom of $1.9 million. However, neither Rock County nor its insurance carrier paid the ransom[3].
The Cuba ransomware gang is believed to be connected to the Russian state, targeting government systems in various countries. This group has been involved in attacks against 100 organizations worldwide, accumulating about $60 million[15]. The breach resulted in the theft of employee and client information, including sensitive personal and health information such as Social Security numbers, medical information, driver’s license numbers, financial account information, and health insurance details[3].
Rock County Human Services Department responded to the incident by working with third-party cybersecurity experts to investigate and mitigate the impact. They have taken steps to support affected individuals, including offering guidance and complimentary credit monitoring services. Notices have been sent to impacted parties, and a toll-free response line has been established for inquiries[1].
Despite the breach, the county has stated that there is no evidence of fraud or identity theft occurring as a result of the attack. The county’s operations, including employee work and consumer access to care, have continued as normal, with the exception of the GIS (geographic information systems), which are taking longer to restore and rebuild[3].
Citations:
- https://www.co.rock.wi.us/residents/cybersecurity-incident
- https://www.blm.gov
- https://madison.com/news/local/government-politics/wisconsin-cybersecurity-attack-rock-county-human-services/article_4933088a-8f94-11ee-a05c-4788e5405613.html
- https://www.watchguard.com
- https://www.gazettextra.com/news/local/rock-county-ransomware-attack-breached-private-health-info-at-human-services/article_9425852c-8b00-11ee-9e06-074a1d38b76e.html
- https://skillbridge.osd.mil/locations.htm
- https://www.databreaches.net/if-youre-in-rock-county-wisconsin-do-not-read-this-post-absolutely-do-not-read-this-post/
- https://www.foxnews.com/category/us/crime
- https://www.idstrong.com/data-breaches/rock-county-wi-breach/
- https://www.ppbi.com
- https://thecyberexpress.com/rock-county-wisconsin-cyberattack/amp/
- https://atriaseniorliving.com
- https://www.wmtv15news.com/2023/10/25/rock-county-investigating-ransomware-attack/
- https://www.propublica.org/article/ugly-truth-behind-we-buy-ugly-houses
- https://therecord.media/wisconsin-county-dealing-with-ransomware-attack-healthcare
- https://discover.castlebranch.com