New York Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
New York.jpg
 

Public Safety

New York State Servers, State of New York

Breach Type – Hacking, Other

My San Antonio
April 13th, 2020
  • Statewide cyberattack caused nearly month-long setback
  • Officials believed attack originated outside the country
  • IT personnel discovered several hacked servers
Read More

 
Town of Colonie & Colonie Police Department, Albany County

Breach Type – Unknown, Ransomware

WNYT
January 17th, 2020
  • Colonie, New York among latest victims of ransomware cyberattack
  • At least three other attacks occurred in the same area within the last year
  • Officials reported no outages for emergency services
Read More

 
NYPD Database, New York County

Breach Type – Hacking, Ransomware

NY Post
November 24th, 2019
  • Contractor used compromised device, caused NYPD fingerprint database to go down
  • Over 20 fingerprint devices were taken down by infected computer
  • Contractor was questioned but not charged, officials stated less than 1% of NYPD's computers affected
Read More

 
Schenectady County Government, Office of Sheriff, & Correctional Facility, Schenectady County

Breach Type - Malware

News 10
December 13th, 2018
  • Schenectady County officials detected a virus in the computer network
  • County website and email system temporarily shut down
  • No evidence of data breach due to virus
  • 911 Central Dispatch Center unaffected
Read More
Times Union
December 13th, 2018
  • Network systems hacked and rendered offline
  • Jail & Courthouse affected
  • Malware quickly detected
  • As a result, emails and website systems shut down
Read More
Gov Tech
December 20th, 2018
  • Sheriff's office computer systems compromised by malware
  • Hackers suspected to be part of crime syndicate
  • Malware moved laterally across systems targeting data
Read More

 
Schuyler County Sheriff’s Department

Breach Type - Hack

Lockport Journal
September 7th, 2017
  • Direct attack from foreign country on Schuyler County
  • Hackers attempted multiple passwords to get online
Read More
WENY News
September 11th, 2017
  • No data was compromised/breached
  • Schuyler county was up to date with anti-virus & anti-malware
  • This specific attack was more advanced than the security they had set up
Read More

 
BACK TO TOP

Local Government

City of Olean, Cattaraugus County

Breach Type – Unknown, Ransomware

Olean Times Herald
April 17th, 2020
  • City IT officials discovered and stopped ransomware cyberattack
  • Mayor commented that attack occurred during vulnerable time for city
  • Email and clerk's office were among those directly affected
Read More

 
New York City’s MMS and SMS text-messaging system, State of New York

Breach Type – Hacking, Other

Fox 28 Media
March 17th, 2020
  • Bad actors hijacked MMS and SMS messaging
  • Fraudulent government service shutdown messages sent
  • US intelligence agencies helped investigate
Read More

 
Nassau County, Nassau County

Breach Type – Phishing, Other: Funds Stolen

WCBS 880
January 10th, 2020
  • County was victim of phishing cyberattack
  • Officials were able to recover hundreds of thousands of dollars
  • Employees became suspicious when they noticed grammatical errors
Read More

 
Albany International Airport, Albany County

Breach Type – Unknown, Ransomware

Daily Gazette
January 10th, 2020
  • Ransomware utilized in cyberattack against airport
  • Federal and state law enforcement conducted investigation
  • Airport dropped third-party vendor following attack
Read More

 
Town of Moreau, Saratoga County

Breach Type – Unknown, Malware

Post Star
January 1st, 2020
  • A Christmas eve attack leaves the town hall potentially having personal data exposed
  • The town was notified of the virus by an IT contracted company that monitors their networks
  • It took over 30 man hours spanning onto Christmas day to resolve the attack allowing systems to be restored to backups
Read More

 
Onandaga County Public Library Systems

Breach Type – Unknown, Other

Syracuse
July 13th, 2019
  • Public library announced via social media that online systems were down and expected not to be online until after the weekend
  • All branches impacted and online catalog and accounts were not available – some phone systems were also impacted
  • Unclear if this outage is connected with the Syracuse City School District ransomware attack
Read More

 
Broome County Government Systems, Broome County

Breach Type - Phishing, Data Breach

Press Connects
May 31st, 2019
  • Broome County victim of cyber attack, suspect likely accessed personal information of county employees
  • County officials discovered the breach after employee's direct deposit information was changed
  • Officials advised that they added multi-factor authentication and additional employee training
Read More

 
City of Albany, Albany County

Breach Type - Unknown, Ransomware

Times Union
March 30th, 2019
  • The city had fallen victim to a ransomware attack and it was announced publicly
  • The full extent of the attack was not immediately revealed
  • It is still being examined and information will be released to the public as it is found
Read More
Times Union
March 31st, 2019
  • The Albany Police Officers Union was affected by this attack
  • Many city services were taken down due to the attack, the Police Union could not access internet-dependent systems
  • Limited access affected the patrols and their operations, the department was still manned properly
Read More

 
U.S. Congressman (Peter King) Campaign Website, Long Island, Kings County, Queens County

Breach Type - Other

wshu Public Radio
October 9th, 2018
  • Campaign website for U.S. Congressman, Peter King, targeted by hackers
  • Cyber attackers defaced website with Turkish Propaganda
  • Malware has since been removed, unknown how the attackers infiltrated the website
Read More

 
Otsego County

Breach Type - Other, Cryptojacking

The Daily Star
October 4th, 2018
  • County government experienced significant cyber attack
  • Infiltrators exploited zero-day vulnerability in system
  • Services taken offline
  • No indication that citizen data was accessed or exposed
Read More
The Daily Star
October 10th, 2018
  • Eastern European hackers infiltrated Otsego county network
  • Used system’s computing power to mine cryptocurrency
  • Systems ran very slowly, CPU’s maxed out, several servers showed alerts of a potential virus
  • Remote desktop server in a county employee’s home was identified as the source of the breach
Read More

 
Town of Ulster, Ulster County

Breach Type - Malware

Daily Freeman
September 26th, 2018
  • Entire town system affected by virus
  • Virus infiltrated outlook accounts, sending mass mal-spam emails to town contacts
  • Town of Ulster constantly re-infected with virus resulting in a painstaking recovery
Read More

 
Town of Irondequoit, Monroe County

Breach Type - Phishing, Other

13 abc WHAM
September 11th, 2018
  • Irondequoit employee fell victim to phishing scheme
  • Email account used to send out unauthorized mass email
  • Email contains malicious PDF attachment
  • Town warning to immediately receive the malicious email should residents receive it
Read More

 
St. Lawrence County Website, St. Lawrence County

Breach Type - Hacking, Other

WW NY TV
August 21st, 2018
  • Website shut down due to hack
  • St. Lawrence county home-page defaced
  • Hackers claimed to contain private county information
  • County does not believe any private information compromised
Read More
WW NY TV
August 22nd, 2018
  • Employees instructed to reset account passwords in wake of website defacement
  • IT department conducting investigation to find source of hack
  • County website will be restored after investigation concludes
Read More

 
Town of Brookhaven

Breach Type - Hack

CBS New York
June 26th, 2017
  • Part of Islamic Union test hacks of government websites
  • Team System Dz claims responsibility
  • Brookhaven one of 76 websites impacted in this string of ISIS Propaganda
Read More

 
Rensselaer Public Library

Breach Type - Ransomware

Altamont Enterprise
June 1st, 2017
  • Hackers ask for several hundred dollars as ransom
  • Library server was slow, indicating virus had infected system
  • Wiped server clean and restored it in a week
Read More

 
Orange County

Breach Type - Hack

Data Breaches
October 21st, 2016
  • Hackers gain access to those involved with Middletown PD
  • Investigation has not proven fraudulent misuse of personal information
  • FBI notified city that its network was compromised
Read More

 
Onondaga County

Breach Type - Ransomware

Syracuse
March 14th, 2016
  • Virus originated from Russia
  • Employee recognized suspicious activity on computer and notified IT dept. immediately
  • IT staff shut computer of network before virus could spread
  • Virus was thwarted, further investigation helped identify cause and origin
Read More

 
BACK TO TOP

Medical

National Eating Disorders Association (NEDA), New York County

Breach Type – Unknown, Ransomware

Medium
April 1st, 2020
  • Bad actors threatened release of data following cyberattack
  • Non-profit organization was latest victim of ransomware
  • Sensitive data was leaked several days later
Read More

 
East House, Monroe County

Breach Type - Phishing, Data Breach

PR News Wire
February 17th, 2020
  • East house is alerting public of potential data misuse in recent suspicious activity
  • An employee email was accessed potentially exposing several employees' sensitive private information
  • Following event East house is informing staff on preventative measures to avoid future reoccurrences
Read More

 
Personal-Touch Home Care, Nassau County

Breach Type - Unknown, Ransomware

Beckers Hospital Review
February 27th, 2020
  • Over 157,000 patients had information exposed
  • Ransomware used by bad actors to steal private information
  • Third party IT firm and federal law enforcement assisted
Read More

 
Jordan Health, Monroe County

Breach Type - Unknown, Ransomware

Rochester First
February 28th, 2020
  • Health center was victim of ransomware cyberattack
  • FBI and others helped investigate attack and restore system
  • Officials believed patient information wasn't leaked
Read More

 
Health Quest; Lagrangeville, Dutchess County

Breach Type – Phishing, Data Breach

Becker’s Hospital Review
January 13th, 2020
  • Numerous employees were victim of phishing cyberattack
  • Employees provided credentials to fraudulent entity
  • IT officials secured affected email accounts following attack
Read More

 
Brooklyn Hospital Center, Kings County

Breach Type – Unknown, Ransomware

Bleeping Computer
November 5th, 2019
  • Ransomware attack caused permanent data loss at Brooklyn Hospital
  • Officials believed that data was not stolen from their system and was only removed
  • Notification to patients indicated that hospital did not have appropriate backup systems
Read More

 
Adirondack Health, Franklin County

Breach Type - Hacking, Data Breach

Health IT Security
July 16th, 2019
  • 25,000 patients have been notified following an attack potentially exposing sensitive information
  • A hacker had gained access to an email account allowing them to view protected information of one email containing medical information
  • It does not seem to originate from a phishing attack and instead accessed from an outside remote attack
Read More

 
Olean Medical Group, Cattaraugus County

Breach Type - Unknown, Ransomware

Olean Times Herald
June 17th, 2019
  • It was discovered that 40,000 patients were not exposed following a hack
  • The group remains actively practicing, simply resorting to pen and paper as systems are restored
  • The attack was compared to a terrorist attack as hackers sought out an large sum in order to supposedly restore files
Read More

 
Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches
May 10th, 2019
  • There had been suspicious email activity in employee’s email accounts
  • Third party investigators assisted investigations finding that the accounts had been accessed
  • Some sensitive patient information had been exposed due to the compromised email accounts
Read More

 
DePaul’s Behavioral Health Program, Erie County

Breach Type - Phishing, Data Breach

Democrat and Chronicle
March 30th, 2019
  • There was a data breach found that had left some patients exposed
  • Over 40,000 emails were examined due to this phishing scam
  • There was a percentage of emails that contained sensitive patient information
Read More

 
Elizabethtown Community Hospital, Essex County

Breach Type - Phishing, Data Breach

Data Breaches
December 17th, 2018
  • Employee’s email account was remotely accessed by an unauthorized user
  • Incident did not affect the hospital’s computer networks or electronic medical records
  • Compromised account contained sensitive medical information of patients
  • Patients’ data potentially compromised
Read More

 
Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches
November 16th, 2018
  • Email accounts subject to unauthorized access for 2 months
  • Third party forensic investigators thoroughly inspected the suspicious activity
  • The accounts involved contained protected health information and financial information
Read More

 
New York Oncology Hematology, Albany County

Breach Type - Phishing, Data Breach

Times Union
November 16th, 2018
  • Health insurance records for more than 128,000 patients and workers potentially stolen by hackers
  • New York Oncology Hematology reported that staff fell victim to phishing attack
  • Cyber attack occurred in April and no evidence has surfaced that personal data was accessed or misused
Read More

 
Med Associates, Inc. - Albany Co.

Breach Type - Hack

WHEC
June 15th, 2018
  • Med Associates discovered unusual activity at workstation
  • Hackers accessed the workstation & potentially compromised PHI
  • Med Associates worked to notify patients & offered identity protection services
Read More

 
Middletown Medical, Orange County

Breach Type - Other/Vulnerability, Data Breach

Record Online
March 29th, 2018
  • Security setting in radiology interference allowed access to electronic patient information
  • Middletown Medical acted to prevent further unauthorized access
  • Notified potentially affected individuals and offered one year of identity protection services
Read More

 
Finger Lakes Health

Breach Type - Ransomware

WHEC
March 20th, 2018
  • Hackers demand ransom to decrypt files of Finger Lakes Health NY
  • No evidence of compromised patient/staff data has surfaced
  • Employees have emergency plan for cyber attacks
  • Daily tasks completed manually
Read More

 
St. Peter's Hospital

Breach Type - Hack

timesunion
March 2nd, 2018
  • Malware installed on St. Peter's servers
  • Second largest breach of NY since 2016 hits St. Peter's Hospital
  • Hackers potentially compromised medical records of 135,000 patients
Read More

 
Jones Memorial Hospital

Breach Type - Hack

WIBV
December 27th, 2017
  • Experienced unexpected downtime due to cyber attack
  • Manually entering information into patient charts
  • No patient data is believed to be compromised
Read More
SC Magazine
December 28th, 2017
  • Jones Memorial rendered a limited number of information services inoperable
  • Working with University of Rochester, Noyes Health & St. James Mercy Hospital to restore systems
Read More
EHR Intelligence
January 9th, 2018
  • Systems back online after two weeks of E.H.R. downtime
  • Evaluating and updating security measures to prevent future attacks
Read More

 
Pharmacy Innovations

Breach Type - Hack

Biz Journals
December 26th, 2017
  • Hack leads to breached data of more than 1,200 patients
  • Pharmacy Innovations was the 4th health data breach for NY in 2017
  • Case under investigation by the Office for Civil Rights
Read More

 
Kaleida Health

Breach Type - Phishing

Healthcare IT News
August 31st, 2017
  • Kaleida Health employee falls victim to phishing scheme
  • Private data of 744 individuals potentially affected
  • Kaleida offering free credit monitoring
  • As a result of multiple data breaches, Kaleida working to improve cyber security
Read More

 
Erie County Medical Center

Breach Type - Ransomware

Buffalo News
April 9th, 2017
  • Ransomware attack causes computer system disruption
  • Affected the medical center's ability to provide medical treatment
  • ECMC refused to pay ransom
  • Restoring systems with help of IT staff
Read More

 
Metropolitan Jewish Health System

Breach Type - Phishing

Data Breaches
April 5th, 2016
  • Employees falls victim to spear phishing scheme
  • Some patient data left available to hacker
  • Notified patients about the phishing scam & established a security hotline
  • Health system reinforcing dangers of phishing to staff
Read More

 
BACK TO TOP

Education

Pierson High School, Suffolk County

Breach Type – Hacking, Data Breach

Dans Papers
November 23rd, 2019
  • School district's computer systems were seized in cyberattack
  • Outage remained in effect over a week later, originally predicted to last 24 hours
  • Officials forced to utilize third part cybersecurity firm to assist with restoration
Read More

 
Mineola School District, Nassau County

Breach Type – Unknown, Ransomware

MSSP Alert
August 23rd, 2019
  • This school district being one of many struck by a Ryuk virus was able to restore encrypted files from backups
  • The Ryuk was also specifically designed to encrypt all backups in an attempt to secure the need for ransom
  • The Mineola school district was lucky that the backup was offline at the time of the attack, as servers were being worked on
Read More

 
Rockville Centre School District, Nassau County

Breach Type – Unknown, Ransomware

News Day
August 24th, 2019
  • The school district paid almost $100,000 in ransom in an attempt to restore encrypted files on their servers
  • Due to their insurance the school was able to afford payment
  • IT was able to halt the encryption halfway through as it was attempting to spread
Read More
SC Magazine
August 26th, 2019
  • $88,000 was paid in ransom to restore access to their files
  • Since the school district was able to halt the encryption processes and restore many files the ransom costs dropped almost $100,000
  • The school district states that paying the ransom was a result of exhausting all efforts made
Read More

 
Watertown City School District, Jefferson County

Breach Type – Unknown, Malware

WWNYTV
July 29th, 2019
  • School district victim of malware attack, officials unsure of data loss
  • Superintendent stated that attacker had not yet demanded ransom
  • Watertown City School District advised to not logon to computer systems
Read More

 
Syracuse City School District, Onandaga County

Breach Type – Unknown, Ransomware

Syracuse
July 11th, 2019
  • Ransomware hit the city’s school district and caused a week-long outage
  • The attack locked the school district out from using their own systems
  • The school is getting conflicting advice from their cyber insurance company vs. the FBI on whether to pay the ransom
Read More

 
Monroe College, Bronx County

Breach Type – Unknown, Ransomware

Syracuse
July 11th, 2019
  • Monroe College based in Bronx, New York hit by ransomware attack with hackers demanding $2 million in Bitcoin
  • Campuses and facilities located in NY and FL have been impacted
  • Details of the attack have not yet been released to the public, but police are investigating
Read More

 
OCM BOCES, Onondaga Co., Cortland Co., Madison Co.

Breach Type - Other, TDoS/DDoS

Local SYR
October 4th, 2018
  • Cyber attack disrupted the OCM BOCES network causing huge problems for school districts
  • Hackers are causing denial of security attacks
  • All personal and confidential information related to students and employees has been well protected
Read More

 
The University at Buffalo, Erie County

Breach Type - Hack

The Spectrum
May 19th, 2018
  • Thousands of University at Buffalo accounts hacked
  • 28 faculty & staff accounts compromised
  • Login credentials stolen when entered into malicious website
Read More

 
OCM BOCES District

Breach Type - Hack

CNY Central
April 13th, 2018
  • Cyber-attack targets OCM BOCES district during its ELA assessment testing
  • Attack shut down network intermittently, forcing reschedule of tests
  • No data stolen thanks to security measures in place
  • Technicians working to restore & stabilize connection for continuation of testing
Read More

 
Buffalo Public Schools District

Breach Type - Hack

Buffalo News
March 24th, 2018
  • Denial of Service attack hits Buffalo Public Schools' network
  • The attack caused problems for the district for several hours
  • District officials believe the hackers are from overseas
Read More

 
The City University of New York Website

Breach Type - Hack/Cryptomining

WCCFTECH
February 12th, 2018
  • Cryptojackers abuse "browsealoud" plugin to mine Monero from unsuspecting web-users
  • Over 4,200 webpages globally, affected by scheme
  • The City University of New York, Lehman College, and La Guardia Community College websites were all used by hackers to generate cryptocurrency
Read More

 
Cornell University

Breach Type - Phishing

Cornell Sun
May 3rd, 2017
  • Cornell University one of many servers affected by a Google Docs phishing scheme
  • Users affected had to immediately change passwords
  • Some contact data potentially exposed
Read More

 
Rhinebeck School District

Breach Type - Ransomware

Daily Freeman
June 15th, 2016
  • Ransomware infects Rhinebeck School District through malicious email
  • Hackers demanded a $500 ransom to decrypt the servers
  • The district's IT traced the malware for 9 hours
  • Restored system using off-site backups
  • No data lost
Read More

 
Hudson City School District

Breach Type - Phishing

Data Breaches
January 24th, 2016
  • Hudson City School District employee fell victim to phishing scheme
  • Hackers may have accessed social security numbers of all district staff
  • The attack mimicked the phishing scam which affected Lawrence Schools in Massachusetts
Read More

 
BACK TO TOP