Clay County, Minnesota reports data breach after ransomware attack

Clay County experienced a ransomware attack targeting its CaseWorks electronic document management system, affecting both Clay County and other Minnesota county social service agencies. The cyberattack, discovered on October 27, led to unauthorized access and data theft from the county's network between October 23 and 26.

Impacted agencioes include Clay County Social Services, Big Stone County Family Services, Pennington County Human Services, Scott County Health and Human Services, Stevens County Human Services, Traverse County Social Services, Western Prairie Human Services, and Wilkin County Health and Human Services.

The compromised data varies by individual but may include:

• names,
• Social Security numbers,
• addresses,
• dates of birth,
• details of services provided,
• client identification numbers,
• insurance identification numbers,
• insurance or billing information.

The number of affected individuals is not disclosed.

In response to the breach, Clay County activated its incident response process, collaborating with a local IT partner and a nationally recognized digital forensics firm to investigate the incident, restore secure operations, and assess the extent of the data breach. The county notified federal law enforcement and the Minnesota Department of Human Services.

Clay County began mailing notifications on December 22, 2023, to individuals whose health and personal information may have been impacted, advising them to monitor their account statements, credit reports, and health insurance Explanation of Benefits forms for any unauthorized or suspicious activity. Additionally, for those whose Social Security numbers or driver's licenses were involved, Clay County is offering complimentary credit monitoring services.