
Cyber Incident Victim: Clay County

Date: Oct 2023

Location: United States of America

Summary

A ransomware attack compromised Clay County's network, specifically targeting the CaseWorks electronic document management system used by multiple Minnesota county social services entities. Unauthorized access occurred over a three-day period, resulting in data exfiltration that included names, Social Security numbers, addresses, dates of birth, service details, client identifiers, and insurance information. The county engaged digital forensics experts, notified federal law enforcement and state agencies, and implemented security enhancements including multi-factor authentication, updated vendor access protocols, and improved monitoring tools. While no evidence of data misuse or dark web exposure was found, notifications were sent to affected individuals across impacted counties, with supplemental public notices for those lacking contact information.


Description

On October 27, 2023, Clay County, Minnesota, confirmed a ransomware attack had compromised its network, specifically targeting CaseWorks—an electronic document management system hosted by the county and utilized by multiple Minnesota county social services agencies. The investigation revealed unauthorized access occurred between October 23 and October 26, 2023, during which cyber criminals exfiltrated data from the network. Upon detection, Clay County initiated its incident response protocol, engaging its local information technology partner and a national digital forensics firm to investigate, restore operations securely, and assess the breach’s scope. Federal law enforcement and the Minnesota Department of Human Services were notified. The forensic review determined that attackers extracted sensitive personal and protected health information belonging to individuals served by Clay County Social Services and their household members, though no evidence emerged indicating misuse or dark web distribution of the stolen data.

The compromised data included names combined with Social Security numbers, addresses, dates of birth, service details (locations, dates, client identification numbers), insurance identification numbers, and billing information. Clay County began mailing notification letters to affected individuals on December 22, 2023, but acknowledged insufficient contact details for some recipients, prompting supplemental public notices via its website and a toll-free hotline (800-459-5922) requiring an engagement number (B112010) for verification. Concurrently, the county notified other impacted Minnesota counties relying on the CaseWorks system and reported the incident to the U.S. Department of Health and Human Services and relevant state regulators. Remediation efforts included implementing multi-factor authentication for remote CaseWorks access, updating vendor access protocols, deploying advanced security tools for threat detection, and enhancing technical safeguards for the CaseWorks application. The county emphasized its commitment to data privacy but confirmed no operational disruptions beyond the initial network compromise.
