Cyber security expert shares ‘lessons learned’ in recent cyber attacks

With some 30,000 people, Carroll County in northwest Arkansas may be fairly small but that does not make the data it holds any less valuable to a hacker.

“The offenders were to the best of anybody’s knowledge in India,” said Carroll County Sheriff Randy Mayfield in a news conference on Monday.

Cyber thieves using ransomware recently took control of the Carroll County sheriff’s department emails, and there was no backup.

“Perhaps lesson learned. They are backing up that data, and testing those restore so they do not have to pay a ransom (in the future),” said Dawn Frank, the HIPAA privacy and security officer for CoxHealth.

Carroll County had to pay $2,400 to get the data back.

“You have Social Security numbers. You have date of birth. Those are identify theft opportunities just waiting to happen,” Frank said.

Frank has worked in cyber security for many years and controls access to highly sensitive information. She said government entities tend to be behind the private sector when it comes to protecting our personal information.

“I don’t think the general public realizes how severe that is, and that that data is available to so many people,” she said.

That is why Frank said securely backing up data is the first priority. Encrypting data and emails, basically scrambling the words to be indecipherable to a hacker, is the next most important practice.

Encrypting emails is something that Greene County Prosecuting Attorney Dan Patterson has requested as hacks like the one in Carroll County become more and more common.

“There was no recourse, nothing that can be done from a law enforcement standpoint that we’re aware of,” Mayfield said.

Greene County plans to follow through on the prosecutor’s request to encrypt certain emails. Much of the data within the Greene County Sheriff’s Department is already encrypted, said a county spokeswoman. It is now up to other departments to request encryption for 2017.

You can contact local leaders with your privacy and security concerns.


. . . . . . . .

Leave a Reply