By JAN McLAUGHLIN
BG Independent News
The fallout from the ransomware attack on Wood County government has resulted in the head of the county’s IT department tendering his resignation.
A letter sent out to county department heads on Thursday stated that IT Director Ben Hendricks was stepping down as of Feb. 7. He had been head of the county information technology department for 18 years.
The letter, sent out by Wood County Administrator Carri Stanley, explained that the county commissioners have hired Glass City IT, a consulting company, to provide services as a part-time chief information officer. The company has been working to “get themselves up to speed on our IT system,” the letter stated.
The chief information officer role will be filled by Casey Timiney, of Glass City IT.
While the county commissioners have added outside tech support, the county’s in-house IT team will remain intact, with Dan Whiting agreeing to serve as interim IT director. The county expects Whiting and five others on the tech staff will “not miss a beat in taking care of your IT needs. The outside assistance for the IT department is meant to complement the staff, not replace it,” the letter said.
County officials will begin the search for a new IT director soon, Stanley said.
The letter went on to thank county employees for working to get through the ransomware issue.
“We appreciate the patience, dedication, and endurance you and your staff have all shown during this very trying time,” the letter stated. “Your cooperation has been monumental in getting the county offices through a most difficult six weeks. We assure you that aggressive steps are being taken to ensure that the most appropriate technology, procedures, and systems are being put in place to protect the future security of our IT system.”
On Friday afternoon, Stanley said the county commissioners are looking at the creation of the chief information officer position to be permanent.
“That will be a long-term solution for the county,” she said.
The Glass City IT team is working closely with elected officials and department heads on best practices, IT policies and procedures, budgets and new trends in technology, Stanley said.
The contract with Glass City IT is $88,000 for services provided on a time/material basis, with no expiration date.
Also on Friday afternoon, Wood County Prosecuting Attorney Paul Dobson said the tech operations in the county government offices are back to normal.
“All the services to the public are operating as they are supposed to be,” Dobson said. “We’re back in business.”
“We’re very grateful for the patience and support the people of Wood County gave to the county government during this,” he said.
Dobson also assured county residents that steps are being taken to prevent such attacks on the county technology in the future.
“They can be sure we are aggressively working on that,” he said.
The ransomware was first detected on Dec. 9 by the Wood County Information Technology Department. The decision to pay the $1.5 million ransom was made based on guidance from a team of nationally recognized third-party cybersecurity and data forensic consultants.
On Dec. 23, the county commissioners issued a statement saying, “After careful consideration and guidance from a team of nationally recognized third-party cybersecurity and data forensic consultants, the county negotiated and paid a $1.5 million fee to ensure a full and efficient resumption of services. While making the payment was a difficult choice, the commissioners determined it was the necessary approach to best serve the interests of Wood County residents and employees.”
The county’s reserve funds, set aside for emergency and other unanticipated expenditures, allowed for the payment of this fee without impact on the county’s 2025 budget, according to the commissioners.
“While Wood County has for years invested in the security of its digital data and computer network, this incident has shown that criminal actors pose an on-going threat,” the commissioners’ statement read.
The statement said that the county will continue to strengthen security measures “to minimize the risk of a similar event occurring again.” During budget discussions for 2025, the commissioners agreed the county’s top priority in this year’s budget is beefing up its cybersecurity.
“While Wood County has spent substantial funds in the past on the security of its digital data and computer network, the top priority for 2025 will be focused investment in this area,” Stanley said in December. “We will be partnering with a nationally recognized third-party consultant to obtain ongoing security evaluations, guidance and recommendations for our systems, and we will be making significant IT investments.”
It’s unlikely that county citizens will learn how the ransomware infiltrated the county network. Dobson said last month that for security purposes the county has been advised by national security experts to not reveal the details.
“We will probably never tell the public how the incident occurred,” Dobson said.
While the $1.5 million ransom came from county reserve funds, county insurance coverage paid for the hiring of experts brought in to resolve the problem, Dobson said.
Though he would not reveal the amount of the original ransom request, Dobson did say the consultants negotiated a lower price.
“They were able to get the price down,” he said.
The cyber attack investigation is now in the hands of the FBI, Dobson said.
