In a response to one of the most destructive cyber attacks on a municipality in the USA, Suffolk district in New York has approved $25.7 million for restoration efforts. The attack, which occurred on September 8, 2022, was carried out by the Alphv/Blackcat group, causing severe disruptions to critical systems. Personal data of 470,000 residents and 26,000 employees were compromised, and police services were disabled for several weeks. Payment systems, access to public records, and online services were also affected, with the district’s main website being offline for months. Officials argue that the repercussions of the attack are still being felt.
Following the attack, former executive director Stephen Bellone declared a state of emergency lasting 16 months, allowing the district to bypass the usual contract bidding process for state contracts. The total expenses incurred by the cyber attack are yet to be finalized, but current estimates reach $25.7 million, including contracts running through the end of 2024. The district controller, John Kennedy, accused the previous administration of spending $13.8 million on unnecessary or unused products.
The new executive director, Edward P. Romain, is now seeking ways to recover some of the funds. Romain criticized the previous administration for signing long-term contracts during the transitional period. Meanwhile, prosecutor Ray Tirney is investigating allegations of document destruction in the final days of Bellone’s term. Bellone maintains that all data backups were restored or reconstructed, and the district did not pay any ransom to the attackers.
Aside from the $25.7 million, the district has also incurred expenses related to overtime work, legal fees, and other services not directly tied to technology. A significant portion of the funds, $8.1 million, was allocated to Palo Alto Networks for system support and forensic investigations. A legislative report on the cyber attack is expected soon, focusing on the attack’s cause and the district’s response rather than just the financial costs.
Romain has proposed the formation of a special committee to investigate expenses and has suggested allocating $26 million to enhance current security systems, enabling the district to qualify for cyber insurance. This insurance is only provided when adequate security measures are in place. The district continues to work on improving its cybersecurity measures to prevent future attacks.