By DENISE GRANT
Attempts by computer hackers to hold Henry County’s voter database for ransom had county and state officials scrambling just days before the Nov. 8 general election.
Voters were advised about the data breach in a letter sent by the Henry County commissioners earlier this month.
Commissioner Glenn Miller said the voter database was restored from backups at the county and state level, and no ransom was paid.
He said officials have no reason to believe the security breach compromised election results, or that voter registration information was extracted from the system.
The ransomware attack occurred on Oct. 31. Ransomware is a malicious software used to deny access to the owner’s data in an effort to extort money. Miller said hackers that use ransomware are typically after money, not stealing data.
“As part of our investigation, we worked closely with the Federal Bureau of Investigation to determine the scope of the incident,” Miller said.
Miller said a “leading forensics company” was also involved in the investigation.
Further details were not available from Miller on Tuesday.
The county is offering a one-year membership to an online identity protection service for those who may have been affected by the breach.
Voter registration information includes name, address, birthdate, political party and driver’s license information.
It is the only ransomware attack known to have affected voter information in Ohio during the election season, said Joshua Eck, press secretary for Secretary of State Jon Husted.
Eck said the network connection between the county and state database was immediately shut down once the breach was discovered, and no other data was compromised. He said Husted’s office sent staff members to replace the computer used to connect the county and state offices.
Since the incident, Miller said Henry County has been reviewing its data security and detection of malicious software on its computer systems, to defend data from future attacks.
The county is also conducting training sessions for all employees in data security and privacy.
In September, Husted wrote congressional leaders to protest plans for the federal government to study whether state election systems should be designed as “critical infrastructure.” The designation would allow the Department of Homeland Security to step in to protect those systems.
“The Constitution gives the states the right to administer federal elections as a check on the power of the federal government. If federal law can be used to take control of voting machines and voter databases, then that law must be changed to restore the balance that was intended in the Constitution and has served America well,” Husted wrote.
In early November, the Ohio National Guard’s cyberprotection unit audited Ohio’s voting system for vulnerabilities at Husted’s request.