County and local governments and the residents they serve can take action to prevent and respond to cyberattacks.

The county is recommending that residents monitor credit reports and financial accounts, and report suspected identity theft to law enforcement after personal information was stolen from the county computer network last year in a cyberattack.

The stolen information includes names, Social Security numbers, driver’s license numbers, state identification numbers, individual taxpayer identification numbers, passport numbers, medical conditions or treatment information, financial accounts or payment card information, and individual health insurance policy numbers.

“County and local governments should coordinate on implementation of a holistic cybersecurity plan, which will make cybersecurity training and awareness a mandate requirement for all their employees,” said Nitin Sukhija, an associate professor and director of the Center for Cybersecurity and Advanced Computing at Slippery Rock University.

He said spear phishing, which targets people and organization through the use of malicious emails, is a major online threat.

“Spear phishing is major type of cyberattack mechanism leading to major data leaks recently. The governments should hire cybersecurity experts who will filter the networks/emails for any malicious activities and also monitor all software and applications for the vulnerabilities and the corresponding mitigation plans to reduce risks of cyberattacks,” Sukhija said.

Residents often don’t have a choice about sharing personal information with government agencies, but they can take steps to protect their information, he said.

When citizens share information with the government, they are essentially “outsourcing security of their personal data,” Sukhija said.

Residents can regularly change passwords, look for options that don’t involve passwords and use biometrics that help prevent hackers from exploiting information exposed through a data breach, he said.

After a breach, residents should consider registering for credit monitoring tools and identity protection services to guard their data, he said.

Sukhija recommends changing passwords, removing phone numbers from all credit cards, using a VPN for web browsing, using email aliases, enabling alerts on all financial transactions and social media accounts and using two factor authentication when available.

The county sent letters Wednesday to people whose information was stolen during the breach, but does not have contact information for all of those affected, according to a notice posted on the county website.

“There was unauthorized access to, and acquisition of, personally identifiable information maintained on the county’s network,” according to the website notice.

After federal authorities alerted the county about suspicious activity Oct. 2, the county began working with a digital forensics team to secure the network and investigate the incident. On Oct. 30, the county determined that personal information had been taken. Federal authorities continue to investigate the breach.

The district attorney’s office was notified and the county continues to cooperate with the federal investigation, according to the county.

For those whose Social Security number, driver’s license number and/or state identification card number were impacted, the county recommends enrolling in a free credit monitoring membership with Experian.

The county also said those residents should look for incidents of fraud and identity theft by regularly reviewing your statements, free credit reports, and any health insurance Explanation of Benefits forms for unauthorized or suspicious activity. Suspected identity theft should be reported to local police, the state Attorney General and the major credit bureaus, according to the county.