The day’s local, regional and national news, detailed events and late-breaking stories are presented by the ABC 6 News Team, along with the latest sports, weather updates including the extended forecast.
(ABC 6 News) — Mower County has determined that, during the ransomware attack that took place in June, there was unauthorized access to and acquisition of protected health information related to people who received services from the County Health and Human Services Department.
Now, a lack of trust is growing between people living in Mower County and their public officials. Alex Centeno is just one of the folks living in the county who is now skeptical of the people who represent him.
“At this point, it’s not even about personal information, it’s just about trust,” Centeno said.
County administrator Matthew Verdick said Friday evening that it’s unclear who was involved, who was affected and what data specifically fell victim to the attack. He added that while the data was accessed, there is no evidence of any misuse of the information at this time.
But Centeno said he is still uncertain on the security of Mower County’s systems.
“It makes me question how tight like security is around Mower County,” Centeno said.
Related: Mower County eyes new records management system following ransomware attack
The county is continuing to work with federal law enforcement and will cooperate with any law enforcement investigation into the attack.
Related: Mower County announces ransomware incident has been resolved
County staff said they recommend residents remain vigilant for incidents of fraud and identity theft by regularly reviewing account statements, free credit reports, and health insurance explanation of benefits (EOB) forms for any unauthorized or suspicious activity.
If any health services are listed in your EOB that you did not receive, you should contact your health plan or doctor.
Even as the county staff said they are working to make upgrades to their defense systems, cybersecurity expert and CEO of CyberCatch, Sai Huda, said there is very little one can do to retrieve data once it’s gone.
“Once the data is gone, the data is gone. So it’s most unfortunate. So really the key is prevention,” Huda said.
Related: Mower County eyes new records management system following ransomware attack
Mower County staff said the investigation into the incident is ongoing, and they are conducting a review of the contents of the data to determine what information may have been involved and who may have been affected.
Once the review is complete, the county will provide written notice to individuals impacted and will offer complimentary credit monitoring services where appropriate.
“The privacy and security of the information we maintain is very important to us, and we remain committed to doing everything we can to maintain the confidentiality of such information,” said Matthew Verdick, County Administrator, via a press release. “The County will continue to invest in the internal processes, tools, and resources to reduce the likelihood of future security incidents.”
If you have any questions or concerns about this ransomware attack, you may call Mower County at 507-437-9701.
