Cyber Incident Victim: Stanislaus County's Mental Health Department
Date: Dec 2017
Location: United States of America
Summary
A ransomware attack compromised approximately 500 computers within Stanislaus County's mental health department, prompting network quarantine measures to contain the threat. The attackers demanded roughly $65,000 in ransom, but authorities indicated no intention to pay. Despite system disruptions, client services remained operational during the incident, with no evidence of personal information being accessed or exfiltrated. The county's response included rapid isolation of affected devices to prevent further spread while maintaining critical healthcare operations.
Description
On December 12, 2017, Stanislaus County’s Behavioral Health and Recovery Services department experienced a ransomware attack that compromised approximately 500 computers within its network. The malicious software was detected on Tuesday, prompting immediate containment measures by county IT personnel. By December 15, the county confirmed through a press release that affected systems had been quarantined to prevent further spread of the ransomware across the network. The attackers demanded a ransom payment of approximately $65,000 to restore access to the encrypted systems, though county officials publicly indicated they did not intend to pay the demanded amount. Despite the widespread disruption to computer systems, the department maintained continuity of mental health services for clients throughout the incident period, avoiding critical service interruptions during the holiday season when demand for such services often increases.

County authorities emphasized in their December 14 press release that no personal information "breech" had been detected, using an incorrect spelling of "breach" that was subsequently replicated in multiple media reports. The quarantine of affected computers represented the primary technical response to contain the attack, though the specific ransomware variant and initial infection vector were not disclosed publicly. No data exfiltration or unauthorized access to protected health information was confirmed by investigators. The incident remained confined to the Behavioral Health department’s systems without spreading to other county networks. Operational impacts were mitigated through contingency protocols that allowed clinical staff to continue client care despite the technical disruption, though the press release did not specify whether medical records became temporarily inaccessible during the containment period.
