A breach of the Butler County computer network that allowed hackers to access the public’s personal information has officials in other counties reinforcing their systems to ward off a similar hack.
“Armstrong County’s IT director is aware and on top of the attacks,” Commissioner Pat Fabian said.
“Our IT director has been on-site twice since the attack in Butler County from a support, educational and prevention stance.”
Notifications of the Butler County breach were sent out Wednesday.
Affected data included names, Social Security numbers, driver’s license numbers, state ID numbers, taxpayer ID numbers, passports, medical condition or treatment information, financial account or payment card information and individual health insurance policy numbers.
It is not clear how many people were affected.
Abigail Gardner, Allegheny County communications director, said protocols are in place to safeguard sensitive information.
“The county takes the safety and security of personal information very seriously and operates a comprehensive information security program,” Gardner said.
Technologies include multifactor authentication, End Point Detection & Response, firewalls, intrusion detection systems and network segmentation.
“Allegheny County addresses the people side of information security with specialized training and phishing simulations and training,” Gardner said.
Gardner and Fabian each declined to discuss security measures further.
“We don’t want to invite any challengers to our robust systems,” Fabian said. “I am confident in our IT department and systems.”
Westmoreland County officials said they remain vigilant but also wouldn’t disclose their security measures.
“The county is aware of current cyber threats targeting local governments and continues to stay abreast of modern cyber security best practices,” said Richard Svesnik, deputy director of information systems.
How it happened
In a statement released Wednesday, Butler County officials said problems were detected about four months ago. Federal law enforcement personnel alerted leaders to suspicious network activity Oct. 2.
The county worked with a nationally recognized digital forensic team to secure the network and investigate. They determined there was unauthorized access to, and acquisition of, personal information.
The data review was completed Jan. 22 and the county began trying to contact those who are affected, including by mail.
The Butler County District Attorney’s Office was notified and is partnering with federal law enforcement to investigate.
On Thursday, District Attorney Richard Goldinger referred questions to the county solicitor, Julie Graham.
She did not immediately respond to requests for comment.
Cyber expert’s take
David Hickton is the director and founder of the University of Pittsburgh Institute for Cyber Law, Policy and Security. Prior to that, he was the U.S. Attorney for the Western District of Pennsylvania.
TribLive asked him what course of action a county or business can take to prevent such a cyberattack.
In an emailed responsed, Hickton said, “Butler County hasn’t announced details of how their network was hacked so I can’t comment on the specifics of that particular cyberattack. But oftentimes it’s a case of poor cyber hygiene: employees aren’t consistently using multi-factor identification or someone clicks a link on a phishing email.
”It’s also worth noting that with AI (artificial intelligence), phishing emails are getting a lot better. Sometimes governments are using old versions of software, making them more vulnerable than they otherwise would be.
Regarding protocols that should be followed, Hickton said: “At the level of county government, cyber security is only as strong as the employees, so employee training on the above is essential.
“Much of this you’ve heard before: use strong passwords, consider using a password manager to avoid the temptation of using the same password across multiple accounts. Install antivirus software on all devices. Multifactor authentication isn’t failproof but goes a long way. Only download files and click links from sources you know and trust.
“Update your software regularly — that’s how developers push out fixes to known systems vulnerabilities. It can also be valuable to encrypt particularly sensitive data: that way, even if your system is hacked, those files are protected.
But, in the end, Hickton warned: “All governments and private companies should be taking these steps to protect data, but at the end of the day — if you have a really determined cyber adversary trying to breach your system, they will probably find a way.”
What Butler County is doing
Butler County officials said they have taken these steps to prevent future breaches:
• Deployed security tools to enhance detection and accelerate response to cyber incidents.
• Actively monitoring the network using end point detection tools to help ensure containment.
• Strengthened network security.
What impacted people should do
Butler County officials recommended people impacted by the breach enroll in free credit monitoring through Experian.
They advised the public to remain vigilant for incidents of fraud and identity theft by regularly reviewing their account statements, free credit reports and any health insurance explanation of benefits forms for unauthorized or suspicious activity.
People also are encouraged to report any incidents of suspected identity theft to local law enforcement, the state Attorney General’s Office and major credit bureaus.
A toll-free number, 833-918-1254, has been set up for residents who may have been impacted and whose contact information the county did not have.
The phone line will be open from 9 a.m. to 9 p.m. Mondays through Fridays. The county asks those calling about the breach to provide the following engagement number: B116747.
Tawnya Panizzi is a TribLive reporter. She joined the Trib in 1997. She can be reached at tpanizzi@triblive.com.
