HAUPPAUGE, NY — There was no “definitive written plan for recovery” from the Suffolk cyberattack within the county’s main financial management system, Newsday reported, citing a county contractor’s leaked assessment.
There are also “no dedicated security professionals with the appropriate level of responsibility and accountability,” so Suffolk officials are facing more far-reaching conflicts of interest over their security decisions, according to the confidential report that Newsday obtained.
In a four-page memo by the computer software and services firm, CGI, which provides the county’s main financial management software for Comptroller John Kennedy’s office, auditors say there are “high-level risk considerations” and that there was “no guarantee” in early October that hackers were “completely identified or eradicated,” the outlet reports.
The memo also says that Suffolk’s “prior vulnerability management processes may not have been well articulated or evident,” Newsday reported.
For more in Newsday, click here.
Suffolk’s web-based applications were attacked Sept. 8, forcing officials to take down some of its services, including web pages and email, while they undertook an investigation. The attack has since been deemed a ransomware attack.
County officials have never indicated what demands have been made.
A cybercriminal gang named “BlackCat” has alleged responsibility, according to posts on the dark web.
County officials have previously said that the hackers responsible for the cyberattack had either accessed or acquired residents’ personal information and they advised vigilant credit monitoring.
Read More: news.google.com