Kansas county says cyber attack compromised the data of about 30,000 residents

News24 Sep 2024

Franklin County in Kansas said that the data security incident it suffered earlier this year compromised the sensitive personal information of almost 30,000 individuals.

In a data breach notice filed with the Office of Maine Attorney General, Franklin County officials said that on May 20, the County became aware of a ransomware attack that affected its internal network. Officials immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

“Through our investigation, we learned that on May 19, 2024, the cyber criminals responsible for the attack took some data from the County’s network,” reads the notice.

The compromised data included names, addresses, Social Security numbers, driver’s license numbers, financial account numbers, dates of birth, information related medical condition, treatment, diagnosis, medications, names of healthcare providers, information regarding services provided by the County, such as locations of service, dates of service, medical record numbers, vaccination information, COVID related information, insurance identification number, and insurance or billing information.

Franklin County’s filing with the Maine state regulator revealed that at least 29,690 individuals were impacted by the data security incident.

To further enhance its security and prevent similar issues in the future, the County has deployed security monitoring tools to enhance detection and accelerate response to cyber incidents, strengthened network access security requirements and implemented enhanced technical security solutions including updating its firewall protections.

While the County found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

It has also offered one year of complimentary identity protection and credit monitoring services through Experian IdentityWorks to all affected individuals.