DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WI: Richland County government under fire for 2023 data breach (1)

Posted on September 16, 2024September 16, 2024 by Dissent

Update: The county’s notice claims, “We have no evidence that any of your information has been used for identity theft or financial fraud as a result of this incident. Nevertheless, out of an abundance of caution, we wanted to make individuals aware of the incident and provide information on steps individuals can take to safeguard their information.”

The notice is not just out of an “abundance of caution” and it seems misleading to suggest that the county had the option not to notify people. The county is a HIPAA-covered entity for some of the services it provides. As such, it was required to notify HHS and affected patients no later than 60 calendar days from when they discovered the breach.  There is no “abundance of caution” option. If it’s a reportable breach, it needs to be reported no later than 60 days from discovery. According to the county’s September 9 notification to HHS, 76,365 patients were affected by the breach. DataBreaches also notes that while the county appears to claim that the breach was first discovered on August 1, breaches are treated as discovered by HHS as of the first day on which the breach is known or, by exercising reasonable diligence, would have been known to the physician (or where the BA is acting as their agent, their BA). 

Original post follows:

Kyle Pozorski reports:

A number of Richland County residents received a surprising letter over the weekend informing them of what has been called a “data security incident.”

According to a notice posted on the county’s website, the data breach occurred “on or about October 4, 2023.”

Many took to Facebook to voice their concerns on both the Richland Rants and Chats page and in the comments of a post by the Richland County Sheriff’s Office informing residents of calls made to their office. The letters caused many to call RCSO, some suggesting the letters were a scam. The sheriff’s office says they are, in fact, not a scam.

[…]

“The server was hacked around October of last year,” says Dull. “They did not let us know it was hacked, they kept it hush hush.”

Dull also claims “FBI cyber experts” were flown into the county from Texas and Colorado to investigate the breach. News 3 Now has not been able to verify this claim. Dull goes on to say there is growing frustration in the rural southwestern Wisconsin county and that “this should have been disclosed way before 11 months following a hack.”

Read more at Channel3000.

A check by DataBreaches of dark web leak sites maintained by ransomware gangs did not turn up any listings for Richland County.

No related posts.

Category: Government SectorHackU.S.

Post navigation

← Silence may not be golden: Visiting Physicians Network still silent one year after alleged data breach?
NJ: The Physical Medicine & Rehabilitation Center discloses July attack by Meow Leaks →

2 thoughts on “WI: Richland County government under fire for 2023 data breach (1)”

  1. Cheryl Dull says:
    September 17, 2024 at 3:32 am

    Does this mean that they should have assumed a breach in data right away?
    “DataBreaches also notes that while the county appears to claim that the breach was first discovered on August 1, breaches are treated as discovered by HHS as of the first day on which the breach is known or, by exercising reasonable diligence, would have been known to the physician (or where the BA is acting as their agent, their BA). “

    1. Dissent says:
      September 17, 2024 at 11:14 am

      When did they first discover/learn that the attacker(s) accessed the part of the system or network that contained PHI? And what did they then do? A manual review just shows you exactly what data types of data for each individual were involved. In this case, it sounds like the county wasn’t able to even stop the breach immediately and that the attackers still had access until October 26. When did the forensics firm first tell the county that PHI was involved or when did the county first know that?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (1)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case
  • Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
  • Hacker with ‘political agenda’ stole data from Columbia, university says
  • Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • DOJ investigates ex-ransomware negotiator over extortion kickbacks
  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.