Mitchell County announced Friday that it has completed an investigation into a ransomware attack last fall that compromised personal data of several clients of Mitchell County Social Services.
According to an official release, the county detected ransomware on its computer network on Oct. 20, 2025.
"Ransomware" is commonly defined as malicious software created with the purpose of locking computer-users out of their own computers and systems. Typically, the people behind the ransomeware will demand some form of ransom in order to restore access.
The county worked with local, state and federal law enforcement agencies to investigate this attack, as well as cybersecurity agencies such as the North Car-olina Joint Cybersecurity Task Force.
The investigation determined that between Oct. 16 and Oct. 20, 2025, criminals had hacked into county computer systems and taken data from those systems, including personal information and protected health information of certain Mitchell County residents.
Individuals impacted by this leak of data were given written notice in April 2026. The affected information included names, addresses, Social Security numbers, driver's license and other identification card numbers, taxpayer identification numbers, passport numbers, tribal identification numbers, immigration identification numbers, financial account
information, payment card information, medical record numbers, patient account numbers, Medicare and Medicaid numbers, health insurance information, medical diagnosis information, medical treatment information, prescription information and other informationrelatedtoservices the victims received from the county.
Thecountyisencouraging victimstocontinuemonitoring their financial accounts and credit reports. The county has posted tips on its website, www.mitchellcountync. gov, for avoiding identity theft for those affected
According to the county website, the county has also taken steps to upgrade its computer and email systems to ensure this does not happen again.
In January, Mitchell County's computer security woes were featured in an article in the national publication The HIPAA Journal, which monitors issues with the Health Information Portability and Accountability Act. HIPAA was passed by the U.S. Congress in order to better protect personal health information.