- Personal information, including PHI, on 258,120 people was exposed in a data breach of the Adams County, Wisconsin, computer system.
The Adams County government said in an August 10 release that the breach involved PII, PHI, and tax information from the county’s Veteran Service Office, Extension Office, Adams County Employees, Solid Waste, Health and Human Services (HHS), Child Support, and Sheriff's Office.
Any data that resided on the network between January 1, 2013, and March 28, 2018, is at risk.
The county explained that a possible breach was first discovered on March 28 by Schenck and a comprehensive report was provided on June 29 confirming the breach.
The investigation found that an unauthorized individuals obtained rights, usernames, and passwords by manipulating software programs on the county’s network that allowed them to access PII, PHI, and tax information beyond their authorized role.
“Access to control and/or authorize access to the involved departments has been restricted and placed in the control of one designated individual. A long-term solution to prevent any future breaches is currently being examined and will be instituted as soon as feasible in light of current design and costs,” the release said.
The county recommended that victims take the following steps: registering a fraud alert with the three credit bureaus; ordering free annual credit reports; and monitoring bank, credit card, and other account statements, explanation of benefits statements, and credit reports. The county did not indicate that it would be providing free credit monitoring services to breach victims.
TV station WAOW has identified Adams County Clerk Cindy Phillippi as a suspect in the data breach investigation, according to documents obtained by the station. A verified statement of charges brought against Phillippi by the Adams County personnel director alleges that she gained unauthorized access to confidential records, deleted records, set up an unauthorized checking account, gained unauthorized access to the HHS building, released confidential information to a former employee, and misled an investigator.
In the statement, the personnel director asks the Adams County Board to hear the charges against Phillippi and requests that she be removed from her elected office.
The Wisconsin Department of Justice obtained a search warrant and seized Phillippi’s laptop computer. The warrant alleges that she installed a computer logging tool and captured keystrokes from the county’s computers.
In responding to the charges, Phillippi said that she never misled investigators or the county and that everything she did was legal, authorized by the county board, or common practice in place before she became county clerk.
Phillippi said she asked for access to confidential records because she suspected that a department head was accessing pornography on his computer and she was investigating that possibility. She said that she never logged into the secure system and that other people used her computer to log into that system.
Adams County manager Casey Bradley told the TV station that consultation with outside experts has led to security upgrades.
“We've been connected with a number of different entities ... to try to identify exactly where all the vulnerabilities are ... and actually monitoring as it goes forward,” Bradley said. To ensure the integrity of Adams County Sheriff's records, Bradley said personnel are screening all access to records.
Bradley and a Wisconsin State Elections Commission official said the breach does not impact any computer function to be used to carry out elections in Adams County.
Lena Bellon, who contracts with the county to provide services to people with developmental disabilities, said she is concerned about access to information such as her Social Security number, but said she is confident Adams County officials have taken steps to address the breach.