Bucks County Refused to Pay Ransom to Restore Systems After Cyberattack
Officials in Bucks County, Pennsylvania, said the government refused to negotiate with the hackers claiming responsibility for the cyberattack on January 21 that shut down computer systems and the county never paid any ransom to restore the systems.
Instead, the county said it has relied on its own information technology and emergency communications departments’ cyber maintenance and their backup practices to restore the computer-aided dispatch (CAD) emergency communication system that was temporarily inoperable. The county also brought in some forensic and legal experts.
Officials have indicated that the ransomware group Akira is likely to have been responsible for the attack.
The forensic investigations by the county and its consultants have found no evidence that any data was copied or otherwise extracted from the CAD system.
“The CAD took the county two years to build, and when a cyberattack took it offline our team put the system back together in just nine days,” said Diane Ellis-Marseglia, chair of the Bucks County Board of Commissioners. “We’ve still got more rebuilding to do, but we’re immensely proud of the work our staff has done so far, and we’re incredibly thankful for the assistance of our partner agencies and cybersecurity vendors.”
Emergency dispatchers’ use of the CAD system resumed January 30. Dispatchers in the interim relied on backup systems to document and dispatch calls for service. At no point during the outage were the county’s 911 call-taking abilities interrupted, according to the county.
The county has also restored its connectivity to state and federal databases containing criminal justice information.
The county commissioners at their regular meeting on February 7 approved expenditures for cybersecurity and legal experts. The commissioners approved up to $375,000 for a contract for cybersecurity and forensic services from CRA International Inc. of Boston; $197,925 for cyber security software from with CDW Government of Illinois; and a $1,000 hourly rate for data breach related legal services from DLA Piper LLP of Philadelphia.
At the same meeting, the board also approved more than $2.1 million in payments to broker Aon Risk Services Central for 11 insurance policies, one of which was for cyber liability.
The January incident remains under county, state and federal investigation.
It was the second recent cyber incident at the Bucks County emergency department. The county reported another incident a month earlier on December 21, 2023, when it said the 911 system began experiencing technical issues at 10 a.m. By 12:15 p.m. the same day, the department said all service had been restored.
- US P/C Underwriting Results: Two Years in a Row Over $20 Billion in the Red
- US Home Insurance Still Priced Too Low for Climate Risk, Says Swiss Re Chair
- NY Plane Crash Kills 5 Members of Georgia Family, Including Former Insurance Analyst
- Scientists Concerned That a Bird Flu Pandemic Is ‘Unfolding in Slow Motion’