Adams County Government Data Breach May Have Affected Over 258,000 Wisconsin Residents

by | Aug 20, 2018

Over 258,000 people have had their personal health information, personal identification information and/or tax information accessible online due to a data security incident in Adams County, Wisconsin.

A possible security breach was discovered on March 28, 2018 after suspicious activity was noticed on the Adams County computer system and network. An investigation was kicked off to determine whether any sensitive data had been accessed and on June 29, a data breach was confirmed to have taken place.

Some proof has been found that implies PHI and PII has been accessed and potentially downloaded by an unauthorized person. 258,102 individuals have potentially been impacted.

The exposed data was obtained between January 1, 2013 and March 28, 2018 and were stored on the systems utilized by the departments of Health and Human Services, Child Support, Veteran Service Office, Extension Office, Adams County Employees, Solid Waste, and the Sheriff’s Office.

A criminal investigation has been initiated into the breach and the suspect(s) have been blocked from accessing the entire Adams County network and accounts have been disabled pending a thorough investigation.

As reported by TV station WAOW, the prime suspect seems to be Adams County Clerk, Cindy Phillippi. Attempts are currently in place to have Phillippi removed from office.

A Verified Statement of Charges has been submitted against Phillippi who is believed to have installed a keylogger on the network – a form of malware that logs all keystrokes entered on computers to record passwords and other sensitive information. The keylogger was loaded onto almost all computers owned by the county.

Phillippi has been accused of the unauthorized accessing of confidential computer records, viewing unauthorized checking accounts, removing records, accessing the Health and Human Services building without authorized permission, sharing confidential information with a former employee, and misleading an investigation into her actions. Phillippi’s laptop has been taken and is being forensically examined. Phillippi has not yet been charged with any cyber crimes.

Phillippi has denied most of the claims and says she asked to be given access to confidential records to review a suspected case of pornography access by a department head. She also alleged that that she did not login to the system and that other people had used her computer. The case is due to be heard by the Board of Supervisors on September 19.

Measures have already been put in place to enhance security and stop any further breaches. The county has consulted with several different entities to identify possible weaknesses, security upgrades have been completed, and the County is working on improving its monitoring capabilities.

The County is currently looking into a long-term solution to enhance security, although in the meantime software control mechanisms that had been manipulated have been switched off and administrative controls for system and data access have now been placed in the control of one person.

Alerts will be issued to all individuals whose PHI, PII, or tax information was exposed.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy