An investigation has determined that a computer system security breach detected by Clark County’s Information Technology staff in late October was a cyberattack.
According to a press release, the nature and scope of the attack, and any possible impacts to county data, are still being investigated.
“Clark County takes the security of our network and data very seriously,” County Manager Kathleen Otto said in the release. “As soon as we discovered the suspicious activity, we took steps to confirm the security of the county network and launched an investigation.”
The security breach was detected on Oct. 21. Days later, the county council approved hiring a forensic specialist to investigate. The county also worked with cybersecurity specialists to assist with the remediation, containment and investigation of the incident, the release said.
Some parts of the county website were unavailable immediately following the cyberattack. The Property Information Center and Geographic Information Systems departments were among the hardest hit. Online maps for zoning, land use, transportation systems, development and other areas were unavailable for several days. All maps are now available online.
Other departments struggling with computer issues immediately after the attack were the prosecuting attorney’s office, jail services and Superior Court.
David Shook, director of jail services, said his department coordinated efforts with its law and justice partners to ensure the jail could process new arrests and work through court processes.
Superior Court dockets also got off to a slow start after court staff found they did not have access to the court computer system, and there were issues connecting with defendants in the jail. Attorneys had to rely on printed paper copies for criminal histories and other documents rather than using a laptop. For some cases, court staff left the courtroom to print out documents for the judge to review, slowing court proceedings considerably.
“From my understanding, there were some initial glitches with access, but we have utilized backup and work-around systems to keep the processes going with our internal and external partners,” Shook said in an Oct. 23 email.
County Auditor Greg Kimsey said computer systems in the elections office, which had mailed ballots for the Nov. 7 general election a week earlier, were not affected, but some activities were.
“The suspicious activity caused a brief delay in our ability to update, make changes, adds and deletions to the voter-registrations record, the VoteWa.gov system,” Kimsey said in an Oct. 23 interview.
The election-management system and voter-registration database are part of the VoteWA.gov statewide system operated by the Washington secretary of state. Although the state and county computers were not affected by the security issue, communications between the two systems were affected.
According to the county website, all issues in the elections office have been resolved.
While county staff worked to restore functionality of the network, the county would not disclose what steps were taken.
“To protect the integrity of Clark County’s information technology environment, we do not disclose the specific security measures protecting our network,” the website states.
According to Joni McAnally, communications specialist for the county, there was no indication that residents’ data or any other data was stolen or disclosed.
This is the second network breach at the county this year. According to its website, the county is taking steps to prevent further breaches.
“We can’t say whether the two incidents are the same or similar as the investigation is still ongoing,” the website states. “Clark County, like many other entities, monitors the security of its networks which is how this issue was discovered. The county diligently monitors its networks and takes necessary action to safeguard its systems.”
For more information and updates, go to https://clark.wa.gov/communications/news-updates.