JANESVILLE — Even more people have been informed that their personal information may have been compromised from a September 2023 ransomware attack on Rock County government.
Letters have been sent out to individuals who may have been affected.
A copy of a letter sent out to a person whose information may have been compromised in the attack was obtained by The 69. That letter was dated Oct. 9 of this year. The letter informs the person that the county is continuing to reevaluating policies and procedures regarding network security. It also says what information was involved, which could be name and social security number.
County Administrator Josh Smith told The 69 that it is believed that the group of people who received letters were the last who were affected. He could not confirm how many people received letters.
According to the letter, the county is offering affected individuals with access to 12 months of complimentary credit monitoring, and there are directions on how to sign up enclosed in the letter.
Also, in the 2025 county budget the county has reassigned positions to create a cyber security unit to specifically secure county operations.
“We’re making sure we are using the best tools and that will be a huge help going forward,” Smith said, adding that he was not comfortable with publically disclosing all security measures the county has been taking since last year’s event.
“As a best practice, we encourage you to remain vigilant against incidents of identiy theft and faud by reviewing your account statements and monitoring your free credit reports for suspicious activity,” the letter states.
On Sept. 29, 2023, the county was hit with what at the time it was calling a “cyber event that affected the operability of certain computer systems.” The county later disclosed that it was a ransomware attack and it had been working with various law enforcement agencies in response, including the FBI.
County officials disconnected its network from the internet that Sept. 30 and started triage that Oct. 1. The county reported that it affected 32 of 150 of its servers and two laptops. The areas “most affected” were the Public Safety, Human Services and Medical Examiner’s offices and IT’s internal systems. A system at Rock Haven was also hit.
In a report to the county board in November 2023, Rock County Information Technology Director Dara Mosely and Corporation Counsel Richard Greenlee said some files that may have been accessed were protected by the Health Insurance Portability and Accountability Act, also known as HIPAA.
Mosely called the incident a “double extortion attack,” which is when an attacker accesses sensitive data and encrypts, making it easier to get ransom money. The attacker in this case requested $1.9 million, according to the county.
The letter also encourages those with questions to call the county’s assistance line at 888-859-8723, Monday through Friday from 8 a.m. to 8 p.m. or write to the county at 51 South Main St., Janesville, WI 53545.