Cyber Incident Victim: County of Tehama

Date:

Apr 2022

Location:

United States of America

Summary

Tehama County Social Services Department experienced a cybersecurity incident involving a technical disruption that prompted officials to secure and take IT systems offline. The Quantum ransomware group claimed responsibility for the attack, alleging theft of 32GB of data potentially containing personally identifiable information and electronic protected health information. The agency initiated an investigation with third-party forensic experts and notified law enforcement authorities. The incident underscores risks to organizations handling sensitive personal data, particularly in social services where compromised records may include highly confidential client information related to abuse cases and medical evaluations.

Description

On April 9, 2022, Tehama County Social Services Department in Corning, California, discovered a technical disruption affecting its IT systems. The agency immediately secured its systems and took them offline as a precautionary measure. Officials launched an investigation with assistance from a third-party forensic firm and notified state, local, and federal law enforcement agencies. The ransomware group Quantum claimed responsibility for the attack on its dark web leak site, alleging it had stolen 32 gigabytes of data containing personally identifiable information (PII) and electronic protected health information (ePHI). Tehama County Social Services did not publicly confirm Quantum's claims or provide additional details about the incident when contacted by Information Security Media Group. The department provides various social services for adults and children, including protective services for individuals dealing with abuse and neglect, making the compromised data particularly sensitive. No specific timeline was provided regarding system restoration or operational impacts beyond the immediate shutdown. The agency's statement did not disclose whether ransomware was deployed, whether data was encrypted, or if any ransom demands were made. Forensic investigators worked to determine the exact scope of data exposure and whether unauthorized access occurred prior to detection. No information was released regarding the number of affected individuals or specific data types beyond the general categories referenced in Quantum's claim.

The incident occurred amid a pattern of attacks targeting social services agencies handling sensitive records. Historical context from similar attacks suggests potential consequences including exposure of medical evaluations, child protection case details, personnel records, and ongoing investigation files, though Tehama County has not confirmed such specific impacts. The Chatham County, North Carolina attack in October 2020 provides a comparative example where ransomware compromised children's medical evaluations and law enforcement investigation documents, while also crippling county computer systems, internet access, and phone services for an extended period. Sensitive social services records are particularly vulnerable targets due to their highly personal nature involving abuse cases, medical conditions, and financial information that cannot be effectively secured once exposed. The Alaska Department of Health and Social Services breach in September 2021 affected 500,000 individuals across multiple systems including behavioral health management and vaccine reporting, demonstrating the potential scale of such incidents. Tehama County's investigation focused on determining the duration of unauthorized access, exact data exfiltrated, and whether any information was misused. The agency maintained its website statement as the primary communication channel without issuing subsequent updates regarding notification of affected individuals or mitigation measures. No information was disclosed about potential HIPAA violations or regulatory reporting timelines given the involvement of health-related data. The forensic review process remained ongoing at the time of the last available reporting with no public resolution timeline.
