Mower County suffered a ransomware attack on June 18, leading to the theft of protected health information (PHI) from individuals receiving services from its Health and Human Services Department. While systems were largely restored, the county confirmed that cybercriminals exfiltrated sensitive data, though the full scope including the exact number of affected individuals and the precise nature of the compromised records remains under investigation. The county is offering complimentary credit monitoring to impacted parties and has engaged cybersecurity forensics experts and federal law enforcement to mitigate further risks. Authorities are reviewing the stolen data to identify affected residents and provide written notices. The incident has prompted Mower County to strengthen network defenses, monitor systems more rigorously, and urge potentially impacted individuals to scrutinize financial and health insurance statements for fraudulent activity. The attack underscores vulnerabilities in local government cybersecurity, particularly concerning healthcare data protection.
Source: https://www.govtech.com/security/mower-county-minn-notifies-residents-after-cyber-attack
TPRM report: https://www.rankiteo.com/company/mower-county
"id": "mow643081925",
"linkid": "mower-county",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Individuals who received or are '
'receiving services from Mower '
"County's Health and Human "
'Services Department (exact '
'number under review)',
'industry': 'Public Administration',
'location': 'Mower County, Minnesota, USA',
'name': 'Mower County',
'type': 'Government (County)'}],
'customer_advisories': 'Individuals advised to monitor financial and health '
'accounts for suspicious activity; complimentary '
'credit monitoring offered where appropriate.',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 'Under review (exact number not '
'yet determined)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (health-related personal data)',
'type_of_data_compromised': ['protected health information '
'(PHI)']},
'date_detected': '2025-06-18',
'date_publicly_disclosed': '2025-06-21',
'description': 'Mower County experienced a ransomware attack on June 18, '
'2025, leading to the exfiltration of protected health '
'information (PHI) from its Health and Human Services '
'Department. The County detected the attack early in the '
'morning and launched an investigation with cybersecurity and '
'data forensics consultants, while also notifying federal law '
'enforcement. While systems have largely been restored, the '
'County is reviewing the impacted data to identify affected '
'individuals, who will receive written notices and '
'complimentary credit monitoring services where appropriate. '
'The County is also strengthening its network defenses and '
'encouraging potentially impacted individuals to monitor their '
'accounts and credit reports for suspicious activity.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'breach of sensitive health data; '
'proactive communication and credit '
'monitoring offered to mitigate impact',
'data_compromised': ['protected health information (PHI)'],
'downtime': 'Systems largely restored by disclosure date '
'(2025-06-21), but exact duration unspecified',
'identity_theft_risk': 'High (protected health information '
'compromised; individuals advised to '
'monitor credit and account statements)',
'operational_impact': 'Disruption to county services, ongoing '
'investigation and data review',
'systems_affected': ['Mower County computer network',
'Health and Human Services Department '
'systems']},
'initial_access_broker': {'high_value_targets': ['Health and Human Services '
'Department data']},
'investigation_status': 'Ongoing (data review in progress to identify '
'affected individuals and information involved)',
'lessons_learned': 'The County emphasized the importance of investing in '
'internal processes, tools, and resources to reduce the '
'likelihood of future security incidents. Continuous '
'monitoring and proactive communication with affected '
'individuals were highlighted as key response strategies.',
'post_incident_analysis': {'corrective_actions': ['Investing in internal '
'security processes and '
'tools',
'Evaluating and '
'implementing changes to '
'strengthen network '
'defenses',
'Enhanced monitoring of '
'systems and network '
'access']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Individuals potentially impacted are advised to:',
'- Regularly review account statements',
'- Check free credit reports',
'- Monitor health insurance Explanation of Benefits (EOB) '
'forms for unauthorized activity',
'- Report suspicious activity to law enforcement'],
'references': [{'date_accessed': '2025',
'source': 'Austin Daily Herald',
'url': 'https://www.austindailyherald.com'},
{'date_accessed': '2025-06-21',
'source': 'Mower County Official Notice',
'url': 'https://www.co.mower.mn.us/'}],
'response': {'communication_strategy': ['Public notice on county website '
'(https://www.co.mower.mn.us/)',
'Future written notices to affected '
'individuals',
'Media release via Austin Daily '
'Herald'],
'containment_measures': ['Immediate investigation launch',
'Network securing with expert '
'assistance'],
'enhanced_monitoring': 'Continuous monitoring of systems, data, '
'and network access',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Systems largely restored',
'Complimentary credit monitoring for '
'affected individuals'],
'remediation_measures': ['Ongoing review of impacted data',
'Strengthening network defenses'],
'third_party_assistance': ['cybersecurity consultants',
'data forensics consultants']},
'stakeholder_advisories': 'Public notice issued via county website and media; '
'future written notices planned for affected '
'individuals.',
'title': 'Mower County Ransomware Attack and Data Breach (June 2025)',
'type': ['ransomware attack', 'data breach']}