3 months after cyberattack that threatened ‘public health crisis,’ Jersey City MUA computer systems still not fully restored

The recent cyberattack at the Jersey City Municipal Utilities Authority inflicted damage that lasted months and threatened to cause a “public health crisis,” the agency said.

Officials from Jersey City and the autonomous utilities agency have said little about the Sept. 30 ransomware attack, which MUA documents said blocked access to “vital” water and sewer information.

But the MUA spent nearly half a million dollars to address the attack, and the agency’s computer systems were still not fully functional even three months after the cyber incursion, an MUA resolution passed last month shows.

At a Dec. 17 meeting, the MUA Board of Commissioners voted to approve a new $391,000 emergency contract with cyber security firm Digital Team Six for “technical restoration services,” according to a resolution obtained through an Open Public Records request. The new contract was “necessary to avert a public health crisis,” the resolution said.

“Despite repeated efforts … problems continued to be encountered with restoring all of the JCMUA’s internet technology network to full operation,” the resolution states, adding that “it has become increasingly apparent that advanced technical assistance will be required.”

But the extent of the potential “public health crisis” is unclear. JCMUA Executive Director Jose Cunha could not be reached for comment and MUA Board of Commissioners Chair Maureen Hulings declined to comment. Digital Team Six staff did not immediately respond to requests for comment.

The contract comes on the heels of an $18,675 contract with a different information technology firm, as well as a $25,000 contract with Pennsylvania law firm Mullen Coughlin to investigate the incident — putting known expenditures related to the incident at $434,675. MUA officials expected at least $25,000 of that to be covered by insurance.

It’s also unclear exactly what the hacker or hackers wanted to target. However, the attack caused the agency to “lose access to vital information and documentation related to the provision of water and sewerage services to the citizens of the City of Jersey City,” an October resolution reads.

In ransomware attacks, hackers block…


Potential privacy breach of Saskatchewan health records in January 2020 malware attack

The Saskatchewan government says a privacy breach may have occurred in an eHealth malware attack in January 2020.

Officials said a breach of personal health information potentially occurred on systems administered by eHealth for the Saskatchewan Health Authority (SHA) and the Ministry of Health.

The malware attack happened after an employee in the health-care sector opened a suspicious attachment in an email.

Read more:
eHealth files stolen in ransomware attack

The malware then spread throughout Saskatchewan’s IT system, officials said, and resulted in a ransomware attack.

eHealth said it managed to contain and eliminate the malware and restore compromised files after the attack was discovered.

Story continues below advertisement

A forensic investigation found that some files were sent to a suspicious IP address. Those were encrypted during the attack and later restored from backups, officials said.

However, they were unable to accurately determine what information was sent to the IP address.

“While the forensic investigation rendered no evidence that personal health information was compromised, the investigation was unable to rule out a breach of personal health information,” said a government statement.

“The inability to absolutely verify that no privacy breach occurred is leading to public notification of a potential privacy breach involving personal information or personal health information.”

Click to play video 'Cyber security experts say ransomware data breach in health care sector is a lesson for everyone'

Cyber security experts say ransomware data breach in health care sector is a lesson for everyone

Cyber security experts say ransomware data breach in health care sector is a lesson for everyone – Sep 29, 2020

eHealth said it continues to monitor the internet for any signs the files are in the wrong hands and said there is no evidence of this after its latest six-week scan was completed in November.

Story continues below advertisement

A number of measures have been brought in since the malware attack, officials said.

This includes intensified training for all employees on the…


Ransomware Attack Targeted Vendor Used By Allegheny Health Network – CBS Pittsburgh


5 hospital, health system malware, ransomware and phishing incidents in November

  1. disclosed that one of its medical practices was hit by a ransomware attack, leaving patient data unrecoverable.
  2. Lawrence (Mass.) General Hospital began notifying patients their information was exposed during a data breach.
  3. Conway (Ark.) Regional Medical Center reported an email account hacking incident that exposed the information of 2,945 patients.
  4. Mercy Iowa City began notifying 60,473 people that their information was exposed after an employee’s email account was hacked.
  5. Baton Rouge, La.-based LSU Health Care Services Division reported that patient information was compromised during the hacking of an employee’s email account.

More articles on cybersecurity:
Ohio hospital still bringing computers back online 2 months after IT incident
Sanford Health launches cybersecurity health innovation hub
U of Cincinnati Medical Center to pay $65K HIPAA fine for not sending patient’s records to third party