Key Takeaways
- Winona County suffered a cybersecurity attack on Monday that disrupted several internal systems, including the Department of Motor Vehicles and vital statistics.
- Emergency services remain fully operational; 911 calls, law enforcement, fire, EMS, and dispatch continue without interruption.
- County officials have taken parts of the network offline to contain the threat and are restoring systems in a phased, secure manner.
- The attack is the second cyber incident faced by the county this year, following a ransomware event in January.
- Local, state, and federal partners are collaborating on the investigation, though no details about the perpetrators or potential data breach have been released.
- Residents are asked to be patient while recovery efforts continue; neighboring counties can assist with DMV‑related needs in the interim.
Overview of the Incident
On Monday, Winona County experienced a cybersecurity attack that prompted immediate action from its information technology and emergency management teams. The breach affected multiple county systems, most notably the Department of Motor Vehicles and vital statistics databases, which were taken offline as a precautionary measure. While the exact nature of the malware or intrusion vector has not been disclosed, officials confirmed that the incident required parts of the network to be isolated to prevent further spread.
Response and Containment Measures
Ben Klinger, Winona County’s emergency management director, emphasized that the decision to shut down specific network segments was deliberate and necessary to contain the threat. By segmenting the infrastructure, the county aimed to protect critical assets while limiting the attacker’s ability to move laterally. This containment strategy, although disruptive to certain administrative functions, was described as a standard best practice in incident response.
Status of Essential Services
Despite the disruption to non‑essential systems, Klinger stressed that emergency services remain fully functional. He assured the public that calls to 911 are answered promptly and that law enforcement, fire, emergency medical services, and dispatch centers continue to operate without hindrance. This clarification was intended to alleviate concerns that the cyberattack might compromise public safety.
Phased Restoration Approach
Recovery efforts are proceeding in a phased manner. Systems are being brought back online only after they have been verified as secure and free of lingering threats. Rather than waiting for a complete overhaul, the county is restoring individual services as they pass security checks, thereby gradually reinstating functionality while maintaining vigilance against re‑infection.
Scope and Uncertainties
The full extent of the affected departments and systems has not been publicly detailed. Officials have not confirmed whether any personal data was exfiltrated or compromised during the breach. This uncertainty reflects the ongoing nature of the forensic investigation, which aims to determine the attack’s origin, methodology, and potential impact on resident information.
Historical Context: Prior Cyber Incident
This marks the second cybersecurity incident Winona County has faced in 2026. Earlier in the year, on January 23, the county reported a ransomware attack that similarly disrupted its computer network. The recurrence underscores a growing trend of cyber threats targeting municipal governments, highlighting the need for robust defensive measures and continuous improvement of incident response capabilities.
Leadership Declaration and Public Communication
Winona County Board Chair Chris Meyer formally declared a local emergency in response to the latest attack, enabling the mobilization of additional resources and streamlining coordination with state and federal agencies. Throughout the press conference, officials maintained a transparent yet cautious tone, acknowledging progress while refraining from divulging investigative specifics that could jeopardize the ongoing inquiry.
Collaboration with External Partners
Klinger emphasized the collaborative effort involving local IT staff, state cybersecurity units, and federal agencies such as the Cybersecurity and Infrastructure Security Agency (CISA). He praised the speed, professionalism, and coordination of these teams, noting that their combined expertise is essential for identifying the attackers, mitigating damage, and preventing future incidents.
Message to Residents
In closing, officials urged residents to exercise patience and understanding as recovery work continues. They pointed out that neighboring counties can assist with DMV‑related transactions while Winona County’s systems are being restored. The overarching message was one of resilience: the county remains committed to restoring full services, learning from the incident, and strengthening its cybersecurity posture moving forward.