Ken Carlson reports on Modesto Bee:
Stanislaus County’s mental health department was the target of a ransomware attack that disabled its computers this week.
About 500 computers in county Behavioral Health and Recovery Services were compromised by the cyberattack Tuesday, according to a press release issued Friday.
It appears that the county will not be paying the demanded ransom, which was worth approximately $65,000. Services to clients continue during this period.
KCRA adds, “No breech (sic) of personal information has been detected, officials said.” Curiously, Central Valley Business Times also misspelled “breach” as “breech,” which made me wonder how the county had spelled it in their press release. Sure enough, Stanislaus County’s press release from yesterday had it spelled “breech” instead of “breach.”
On a positive note, it sounds like the county really had their act together on incident response to isolate and quarantine computers on the network and to manage to keep providing services to clients. The holidays are a time of additional stress and/or depression for many people, and we should all think about how much worse this incident might have been if there were actual support or service interruptions – apart from the risk of protected health information being acquired or exfiltrated.