The West Virginia state government is recovering from a malicious software attack that caused the state’s Office of Information Technology to take 1,144 state government computers – about 6 percent of the state’s total computers – out of service.
The attack, detected Oct. 24, was aimed at more than 20,000 state employees across a range of state agencies. The virus was sent via an email sent to everyone with an email address that ended in @wv.gov, the government’s official domain.
“We had to clean and wipe the infected machines,” state technology office spokeswoman Diane Holley-Brown told the Charleston Gazette in West Virginia. “We did all the protocols, and we’ve finished cleaning nearly all of them.”
Most state employees did not open the email after the state distributed a voicemail message about the malware attack shortly after it was sent.
To remove the computer threat, the state technology office worked with the West Virginia Division of Homeland Security and Emergency Management, National Guard, FBI, and the Multi-State Information Sharing and Analysis Center.
The state also followed up with two email messages of its own – one that explained the malware attack and another that gave instructions for preventing people from being susceptible to similar attacks in the future.
“These types of viral attacks on computers are common in all organizations and occur daily,” said Gale Given, chief technology officer for West Virginia told the paper. “For that reason, our technical staff is always diligently monitoring for possible attacks. In this case, we took immediate and continued action to protect the state’s network.”
While it appears West Virginia escaped a situation that could have become more serious, this is just the latest security breach in a state government.
Security continues to be the top priority for chief information officers across state government. Last month, the National Association of State Chief Information Officers released its top 10 rankings of state CIO priorities, and security ranked as the top priority for the second consecutive year.
For years, security ranked among the top 10 priorities for state CIOs, but only reached the top spot last year.
That came in the wake of some public security breaches, most notably in 2012 when South Carolina’s Department of Revenue was hacked and the Social Security numbers of more than 3.6 million state residents and nearly 400,000 credit and debit card numbers were exposed.
That same year, Utah saw a major breach as well as the Social Security numbers and other personal data of more than 280,000 Medicaid recipients in the state was put at risk, leading to the resignation of the state’s chief information officer and the hiring of a new chief security officer to overhaul the state’s security procedures.