Cyberattack hearing raises questions about Suffolk’s computer security

With the one-year anniversary of its crippling ransomware attack approaching, Suffolk County faces new questions about the state of its computer security in the months leading up to and following an intrusion that still has the county under a state of emergency.

Last week, in sometimes-tense testimony before a Suffolk legislative committee investigating the Sept. 8 attack, a veteran county computer systems manager described a “hollowed-out” computer department that was so understaffed and overwhelmed by intrusion-detection notices in the months before the attack that workers diverted alerts to a spam-like folder.

Vincent Cordiale said the alert system, known as Cortex, had not been installed on an unspecified number of computers, while failing to detect intrusions on others. He also revealed that a known computer vulnerability tied to the intrusion at the County Clerk’s Office also had not been patched at other county departments before the attack, and that some of them weren’t fully patched until after the fall 2022 remediation.

The cyberattack shut down of a broad swath of county online services, from civil-service testing and traffic and parking violations functions to police dispatch to certain functions of the comptroller and clerk’s office, with personal data of nearly 500,000 people potentially exposed. The county didn’t pay the initial $2.5 million ransom that hackers sought, but remediation kept some vital services offline until February. It’s unclear how many are still out.

In addition to the Suffolk Legislature’s investigation, there are federal and Suffolk district attorney probes. On Thursday, Suffolk District Attorney Ray Tierney said the…