Ramsey Co. ransomware attack exposes personal data of thousands

Ramsey County officials are releasing details of a data security incident in which hackers potentially accessed the personal information of thousands of residents.

On Friday, the county announced that one of its technology services vendors, Netgain Technology LLC, was hacked on December 2 — with "a malicious outside hacker" attempting to extort payment from the company in a ransomware scheme. 

A technical analysis found that as many as 8,700 people may have had their data accessed. All are clients of one of the county's public health programs.  

Officials issued the notice "following federal law and in an abundance of caution." 

Those who may have been affected have received a notification letter from the county, which says the hackers could have accessed such information as "name, addresses, dates of birth, dates of service, telephone numbers, account numbers, health insurance information, and medical information."

"Netgain determined that the ransomware incident affected data within an application used by Ramsey County’s Family Health Division to document home visits," the letter says. 

However, "there is no indication the hackers had any interest in client data beyond the extortion scheme," a news release says.

Ramsey County "suspended all use of Netgain's application" and "moved to manual backup procedures" after it learned of the attack.

Clients who might have been affected by the hack can call Ramsey County at 651-266-2275 to find out whether their information was exposed.