DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WI: Richland County government under fire for 2023 data breach (1)

Posted on September 16, 2024September 16, 2024 by Dissent

Update: The county’s notice claims, “We have no evidence that any of your information has been used for identity theft or financial fraud as a result of this incident. Nevertheless, out of an abundance of caution, we wanted to make individuals aware of the incident and provide information on steps individuals can take to safeguard their information.”

The notice is not just out of an “abundance of caution” and it seems misleading to suggest that the county had the option not to notify people. The county is a HIPAA-covered entity for some of the services it provides. As such, it was required to notify HHS and affected patients no later than 60 calendar days from when they discovered the breach.  There is no “abundance of caution” option. If it’s a reportable breach, it needs to be reported no later than 60 days from discovery. According to the county’s September 9 notification to HHS, 76,365 patients were affected by the breach. DataBreaches also notes that while the county appears to claim that the breach was first discovered on August 1, breaches are treated as discovered by HHS as of the first day on which the breach is known or, by exercising reasonable diligence, would have been known to the physician (or where the BA is acting as their agent, their BA). 

Original post follows:

Kyle Pozorski reports:

A number of Richland County residents received a surprising letter over the weekend informing them of what has been called a “data security incident.”

According to a notice posted on the county’s website, the data breach occurred “on or about October 4, 2023.”

Many took to Facebook to voice their concerns on both the Richland Rants and Chats page and in the comments of a post by the Richland County Sheriff’s Office informing residents of calls made to their office. The letters caused many to call RCSO, some suggesting the letters were a scam. The sheriff’s office says they are, in fact, not a scam.

[…]

“The server was hacked around October of last year,” says Dull. “They did not let us know it was hacked, they kept it hush hush.”

Dull also claims “FBI cyber experts” were flown into the county from Texas and Colorado to investigate the breach. News 3 Now has not been able to verify this claim. Dull goes on to say there is growing frustration in the rural southwestern Wisconsin county and that “this should have been disclosed way before 11 months following a hack.”

Read more at Channel3000.

A check by DataBreaches of dark web leak sites maintained by ransomware gangs did not turn up any listings for Richland County.

Category: Government SectorHackU.S.

Post navigation

← Silence may not be golden: Visiting Physicians Network still silent one year after alleged data breach?
NJ: The Physical Medicine & Rehabilitation Center discloses July attack by Meow Leaks →

2 thoughts on “WI: Richland County government under fire for 2023 data breach (1)”

  1. Cheryl Dull says:
    September 17, 2024 at 3:32 am

    Does this mean that they should have assumed a breach in data right away?
    “DataBreaches also notes that while the county appears to claim that the breach was first discovered on August 1, breaches are treated as discovered by HHS as of the first day on which the breach is known or, by exercising reasonable diligence, would have been known to the physician (or where the BA is acting as their agent, their BA). “

    1. Dissent says:
      September 17, 2024 at 11:14 am

      When did they first discover/learn that the attacker(s) accessed the part of the system or network that contained PHI? And what did they then do? A manual review just shows you exactly what data types of data for each individual were involved. In this case, it sounds like the county wasn’t able to even stop the breach immediately and that the attackers still had access until October 26. When did the forensics firm first tell the county that PHI was involved or when did the county first know that?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.