Private medical information may have been compromised in Chippewa County security breach

The breach began Feb. 28 and continued on March 1, according to office of the Chippewa County Administrator.

On Tuesday, Feb. 28, a remotely controlled application was accidentally downloaded by a Chippewa County employee.

“The County cannot confirm how this occurred, but we believe it was by accidentally clicking on an internet pop-up or malicious link in error that downloaded the application,” County Administrator Randy Scholz said in a press release.

Then, on Wednesday, March 1 the employee was working on their office computer and someone else started to use the remote-control application and began typing.

“That person gained access to the computer for approximately five minutes until the Information Technology Department was able to stop the access,” the press release states.

The department was able to confirm that 25 to 35 megabytes of data was sent through the application between 9:20 and 9:25 a.m. March 1.

“The County believes the data that was obtained was most likely documents that had been saved on the employee’s desktop,” Scholz said.

There were seven total documents saved on the employee’s desk top that contained private medical information.

A letter notifying people who may have been impacted was mailed to them today.

There are several names on one spreadsheet that the county no longer has addresses for because those people have not been clients of the county in over 10 years and no longer reside at the addresses the county has on file.

This spreadsheet contained a medical history number, client name, drug prescribed, date signed and doctor’s initials.

No Social Security numbers were included on any of the documents potentially breached, the release said.