The Suffolk County Legislature Cyber Attack Investigation Committee held a meeting on Wednesday, Aug. 23, at the William H. Rogers Legislature Building in Hauppauge.
The meeting lasted over four and a half hours.
The first witness, Vincent Cordiale, who had over 25 years of experience working for Suffolk County in the Information Technology Department, described the Cortex system, which was Suffolk County’s alert system.
Leading up to the September attack, Cordiale characterized the number of alerts from Cortex as “a lot of them,” and said the department was at risk for “information fatigue” from the sheer volume of alerts.
“When you have so many alerts, it just becomes a blur,” said Cordiale.
To combat the issue of “excessive emails,” a Slack channel was set-up for team members, but Cordiale could not determine when the alternate communication was established.
Cordiale said that in his opinion, his team was “short-staffed” and alluded that they were possibly undertrained, as they were only able to use vendor training on Cortex.
Following the attack, when machines were checked manually, it was determined that a significant number of computers were not equipped with the Cortex alert system.
Members of the bipartisan committee included committee chairman Anthony Piccirillo (R-8th District), presiding officer Kevin McCaffrey (R-14th District), minority leader Jason Richberg (D-15th District), Robert Trotta (R-13th District), Jim Mazzarella (R-3rd District), and Sarah Anker (D-6th District).
The investigation into the ransomware attack, in September 2022, concluded this spring.
The 40-page report noted that hackers gained access to the county clerk’s servers, enabling the attack.
The far-reaching and heavily debilitating attack forced Suffolk County government agencies to utilize paper records.
Sensitive information of the county’s 1.5 million residents was also reported to have been leaked during the attack.
The BlackCat/ALPHV ransomware group took credit for the incident. The group broke into the county clerk’s office, in December 2021, through the Log4j vulnerability.
Months of preparation went into the attack that was deployed on Sept. 8, along with a demand for $2.5 million. The group eventually lowered the demand to $500,000, but the county did not pay any ransom.
Although the report found that only 1.6 percent of systems across the county domains were impacted, officials had to disable email systems for over 10,000 county employees.
Real estate transactions were limited because the title search system was down for weeks following the September attack, and paper checks were issued to county contractors out of fear that hackers were still monitoring the payment transfer systems.
Suffolk County executive Steve Bellone said that having a chief information security officer would have changed the outcome of the situation.