Mitchell County, North Carolina reports ransomware attack exposing Department of Social Services data

Mitchell County in North Carolina reports a ransomware attack that resulted in breach of sensitive protected health information belonging to individuals who received or are receiving services from the County Department of Social Services. 

The attack was detected on October 20, 2025, when county officials discovered ransomware on their computer network. The county started an investigation and reported the incident to state and federal law enforcement.

The investigation determined that unauthorized access to the county network occurred between October 16, 2025 and October 20, 2025. Attackers stole certain county data containing protected health information. The attack also resulted in operational disruptions, including phone and email system outages that persisted for several days. 

The types of exposed data and number of affected individuals is not disclosed. 

Mitchell County has committed to providing required written notice to all impacted individuals and will offer complimentary credit monitoring services where appropriate. 

Mitchell County is encouraging potentially impacted individuals to regularly review account statements, free credit reports, and any health insurance Explanation of Benefits forms for unauthorized or suspicious activity. The county advises individuals to report any unusual activity to law enforcement and consider placing fraud alerts or security freezes on their credit reports.