Auction of Stolen Data by Rhysida Threat Group

Franklin County in Kansas recently encountered a ransomware attack that resulted in the theft of the protected health information (PHI) saved on its system. The County discovered the attack on May 20, 2024, and engaged a digital forensics company to help secure its system and investigate the incident. Although the prompt action of the Department of Technology halted the encryption, the attack wasn’t discovered early enough to stop the data theft.

On May 19, 2024, an investigation confirmed that the exfiltrated data included the PHI of people who received services from the County Adult Detention Center and the County Health Department. The investigation and document review are not yet finished, so it is uncertain at this time how many people were impacted.

The breach report submitted to the HHS’ Office for Civil Rights indicated that at least 501 people were impacted. This figure will be replaced with the actual number as soon as the investigation and document evaluation are completed. Franklin County officers have stated that the breached information includes names, addresses, birth dates, Social Security numbers, medical record numbers, vaccination data, dates of service, diagnosis data, treatment details, medication data, medical insurance ID numbers, and/or other medical insurance details.

Franklin County is using dark web monitoring tools to determine whether any of the stolen information has been published. When its substitute breach notice was published, no information had been posted or made available for sale. The situation has changed since then. The Rhysida ransomware group has claimed to be behind the attack and to have stolen 6.5 TB of data files. A week ago, the Rhysida ransomware group added Franklin County to its data leak site and claimed that the stolen information consisted of databases, usernames and passwords of employees, and information from all servers related to emergency service apps.

Although many ransomware groups publish stolen information on their data leak sites when no ransom is paid, Rhysida is known for auctioning off the stolen information. For instance, the cyberattack on Lurie Children’s Hospital in Chicago in January 2024 was conducted by Rhysida. The stolen data from that incident was sold for $3.4 million. According to Rhysida, there will be a 7-day auction and the group will sell the data for a minimum of 30 Bitcoin or $1.9 million.

Franklin County is providing free credit monitoring services to all personnel of the city of Columbus, Municipal Court judges, and Municipal Court Clerk personnel of Franklin County. The County has implemented extra security monitoring software to improve discovery and response, toughened system access controls, removed all inactive user accounts, and applied supplemental technical security procedures, such as upgrading its firewall defenses.

Author: Joe Murray
