Suffolk County Had No 'Definitive Written Plan For Recovery' From Cyberattack: Report

HAUPPAUGE, NY — There was no "definitive written plan for recovery” from the Suffolk cyberattack within the county's main financial management system, Newsday reported, citing a county contractor's leaked assessment.

There are also “no dedicated security professionals with the appropriate level of responsibility and accountability," so Suffolk officials are facing more far-reaching conflicts of interest over their security decisions, according to the confidential report that Newsday obtained.

In a four-page memo by the computer software and services firm, CGI, which provides the county's main financial management software for Comptroller John Kennedy's office, auditors say there are "high-level risk considerations" and that there was "no guarantee" in early October that hackers were "completely identified or eradicated," the outlet reports.

The memo also says that Suffolk's "prior vulnerability management processes may not have been well articulated or evident," Newsday reported.

For more in Newsday, click here.

Suffolk's web-based applications were attacked Sept. 8, forcing officials to take down some of its services, including web pages and email, while they undertook an investigation. The attack has since been deemed a ransomware attack.

County officials have never indicated what demands have been made.

A cybercriminal gang named "BlackCat" has alleged responsibility, according to posts on the dark web.

County officials have previously said that the hackers responsible for the cyberattack had either accessed or acquired residents' personal information and they advised vigilant credit monitoring.

Last week, officials announced that the personal information of about 470,000 people who received traffic tickets might have been compromised, as well as the availability of free credit monitoring services.

RELATED STORIES:

• Suffolk Offers Free Credit Monitoring To People Exposed In Cyberattack
• Suffolk Pols Give Subpoena Power To Panel In Cyberattack Probe: Report
• Suffolk Clerk Received Multiple Alerts Before Cyberattack: Report
• Funding Questioned As Suffolk IT Head Plans To Boost Staff, Equipment
• Suffolk Lawmakers Form Committee To Investigate Cyberattack: Report
• Suffolk Officials Warned Of Possible Cyberattack Months Ago: Report
• Suffolk Cyberattack: Title Searches Return As Property Sales Delayed
• Suffolk Hack: Residents Told Obtain Credit Report, Look Over With Care
• 'Threat Actor' Claims Responsibility For Suffolk Hack On Dark Web
• Suffolk Exec Says 'Cyber Intrusion' Has Hallmarks Of Ransomware
• After Possible Cyberattack, Suffolk Deploys Manual Record-Keeping