Why An Insider Threat Detection Program is Critical

Adams County, Wisconsin is now facing a crisis of confidence and likely some lawsuits as well.


On March 28, 2018, the county says, it uncovered “questionable activity” on county computer systems.

Three months later, in late June, their investigation was complete.

The result: 258, 120 people had their data illegally accessed.

Data included protected health information and tax information.

How did this happen?  Someone installed illicit software on some workstations (key logger software) to capture userids and passwords.  The key logging software was disabled when it was discovered in March.

They say that there is no indication that the information was used for identity theft.  At this point they are not offering people credit monitoring.  Since there is no indication of a problem, they are telling people that they should, using their own time and effort, register a fraud alert at the credit bureaus.

So who perpetrated this dastardly deed?

According to search warrants filed earlier this month, they are investigating the computer of Adams County Clerk Cindy Phillippi.

Well, you say, the filing of a search warrant does not mean it is true.

Sure enough – accurate.

But apparently the county is convinced enough that the personnel director has asked the Adams County Board to hear charges against Phillippi and requested that she be removed from her elected office.

Apparently, she allegedly installed key logger software on nearly all of the county’s computers because she wanted to investigate a county department head that she believed was using his county computer to access pornography.  Clearly she was not a computer expert.

Maybe in Wisconsin the county clerk is considered a law enforcement investigator.  Unusual, but who knows?

Now the county is going to spend tens of thousands of dollars reporting the breach to those affected, state and federal regulators, Health and Human Services and others.

The worst part – the software was installed on or around January 1, 2013 – MORE THAN FIVE YEARS AGO.

Way to go Wisconsin!

So what does this mean to you and me?

First, if you are a resident or employee of Adams County Wisconsin, it means that a nosy clerk probably accessed your data.

But, since most of us do not live in Adams County, that is likely not a concern for most of us.

This is a perfect example of a an insider threat.  A person, in a position of trust, used that trust to do something (all right, allegedly, but I think she basically copped to it) that will cost her her job, could land her in prison, will likely subject the county to lawsuits, will cost the county tens of thousands of dollars and cause 250,000 people some consternation. 

An insider threat program should detect this kind of activity.  Unless she was using stolen credentials, it should detect that she (or someone), without authorization installed software, was connecting to computers that she (or someone) should not have, was collecting large quantities of data and other unusual activities.

It is also not clear why it took over five years to detect this problem.

This small county (population 20,148) is going to have a potentially large budget issue – assuming they don’t have insurance and most do not – because of not dealing with the insider threat.

Source: Data Breach Today


Leave a Reply

Your email address will not be published.