The following information was released regarding a security breach in Chippewa County:
On Tuesday, February 28, 2023, a remote-control application was accidentally downloaded by a Chippewa County employee. The County cannot confirm how this occurred, but we believe it was by accidentally clicking on an internet pop-up or malicious link in error that downloaded the application. Then, on Wednesday, March 1, 2023, the employee was working on their computer in their office and someone else started to use the remote-control application and started to type. That person gained access to the computer for approximately five minutes until the Information Technology (IT) Department was able to stop the access.
The IT Department was able to confirm that approximately 25- 35MB of data was sent through this application from 9:20 a.m. – 9:25 a.m. on March 1, 2023. The County believes the data that was obtained was most likely documents that had been saved on the employee’s desktop.
There were seven (7) total documents saved on the employee’s desk top that contained HIPAA information. A letter notifying many of the individuals was mailed to those individuals today. There are several names on one of those documents (a spreadsheet) that the County no longer has addresses for because those individuals have not been clients of the County in over ten (10) years and are no longer
residing at the addresses the County has on file. This spreadsheet contained a medical history number,
client name, drug prescribed, date signed and the doctor’s initials.
No social security numbers were included on any of the documents potentially breached.
Please contact the Privacy Officer, Toni Hohlfelder, at 715-726-7970 or firstname.lastname@example.org
if you have any questions.