Insider breaches can be some of the worst HIPAA violations because they can go undiscovered for years, possibly affecting many more patients than a one-time hack.

Recently, Adams County Government in Wisconsin released a notice to the press detailing how they discovered a breach and how they believe it occurred.  Around March 28, 2018, an employee noticed questionable activity on the Adams County network.  An investigation was started, and the breach was verified around late June.

On June 29, 2018, Adams County received a forensic report that stated approximately 258,120 individuals’ “Personal Identification Information, Personal Health Information and/or Tax Intercept Information” was compromised. This information was stored on the network in many different departments, including the Veteran Service Office, Extension Office, Adams County Employees, Solid Waste, Health and Human Services, and the Child Support and Sheriff’s Office from the time period of January 1, 2013 through March 28, 2018.

There was evidence that the unauthorized individuals were able to capture usernames and passwords which allowed the unauthorized individuals to gain access to “environments that were beyond their role and/or department.”

There is a criminal investigation into the incident underway.  During the investigation, so far, one or more suspects have been identified, and their access to the Adams County network has been revoked.  Additionally, “Access to control and/or authorize access to the involved departments has been restricted and placed in the control of one designated individual.”

Adams Count Government is currently evaluating solutions to help prevent such a breach from happening in the future.  They will implement the designated solution when funding allows.


Five years is a long time for a breach to occur.  Join HIPAAgps today and learn how you can try to prevent such a situation.