Hackers encrypted Suffolk health department data, report says


Forensic investigators probing the September ransomware attack on Suffolk County found evidence that hackers encrypted data and left ransomware notes on the Department of Health computer network, although Suffolk said there is no evidence “thus far” that personal data was stolen.

In a report from Unit 42, a division of Palo Alto, the company that provided firewall and other network protection services to the county in advance of the attack, investigators also said they found evidence that the hackers “staged and exfiltrated,” or exported, data from the county clerk’s network, as well as Suffolk’s main parent network.

Security experts say health data tends to be among the most highly sought by ransomware attackers and other hackers, in part because it often is rich with personally identifiable information. By encrypting data, the hackers blocked the county from accessing it.

Suffolk spokeswoman Marykate Guilfoyle said the county’s Department of Information Technology and its incident response team are “coordinating closely” with County Clerk Vincent Puleo and “will notify any individuals if it is determined that their personal identifying information may have been impacted.”

WHAT TO KNOW

  • Investigators report finding evidence that hackers encrypted data and left ransomware notes on the Department of Health computer network during the Sept. 8 cyberattack.
  • A Suffolk spokeswoman said there is no evidence “thus far” that personal data was stolen.
  • Security experts say health data tends to be highly sought after by hackers, in part because it often is rich with personally identifiable information. 

Suffolk has already acknowledged the Social Security numbers of up to 26,000 employees may have been exposed and that personal information of up to 470,000 people was “accessed or acquired” from the county’s Traffic and Parking Violations Agency server.

In the past, when the county has found that infiltrators compromised data by so-called exfiltration, or stealing and exporting copies, the government moved to alert those whose data may have been compromised. It is providing a free one-year subscription to a credit-monitoring and ID theft…
