December 2020 Data Security Incident
On Dec. 2, 2020, Netgain Technology LLC, a vendor that provides technology services to Ramsey County and other organizations, advised Ramsey County that it had experienced a security incident by a malicious outside hacker. The hacker sought to extort payment from Netgain in a scheme that is often referred to as "ransomware".
Upon learning of the incident, Ramsey County suspended all use of Netgain's application and moved to manual backup procedures, and performed an extensive technical analysis of possible exposure of its clients' data.
Although there is no indication the hackers had any interest in client data beyond the extortion scheme, a technical analysis performed by Ramsey County estimates as many as 8,700 clients of its Family Health Division may have had data accessed. On Jan. 29, 2021, following federal law and in an abundance of caution, Ramsey County notified all clients who may have possibly had data exposed of the incident.
The notification letter is available at ramseycounty.us/publicnotice. The letter includes a phone line for those with questions about the incident to call - 651-266-2275.
Under the Health Insurance Portability and Accountability Act (HIPAA), notification of any breach of protected health information involving more than 500 individuals must be provided to media outlets. In addition, if there is insufficient contact information for more than 10 individuals, notice must be provided to media in the areas where affected individuals reside or on a website posting that is maintained for 90 days. Clients may find out whether their information was in this data by contacting us at the number above.