New York Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
New York.jpg
 

Public Safety

New York State Servers, State of New York

Breach Type – Hacking, Other

My San Antonio

  • Statewide cyberattack caused nearly month-long setback
  • Officials believed attack originated outside the country
  • IT personnel discovered several hacked servers
Read More

 
Town of Colonie & Colonie Police Department, Albany County

Breach Type – Unknown, Ransomware

WNYT

  • Colonie, New York among latest victims of ransomware cyberattack
  • At least three other attacks occurred in the same area within the last year
  • Officials reported no outages for emergency services
Read More

 
NYPD Database, New York County

Breach Type – Hacking, Ransomware

NY Post

  • Contractor used compromised device, caused NYPD fingerprint database to go down
  • Over 20 fingerprint devices were taken down by infected computer
  • Contractor was questioned but not charged, officials stated less than 1% of NYPD's computers affected
Read More

 
Schenectady County Government, Office of Sheriff, & Correctional Facility, Schenectady County

Breach Type - Malware

News 10

  • Schenectady County officials detected a virus in the computer network
  • County website and email system temporarily shut down
  • No evidence of data breach due to virus
  • 911 Central Dispatch Center unaffected
Read More
Times Union

  • Network systems hacked and rendered offline
  • Jail & Courthouse affected
  • Malware quickly detected
  • As a result, emails and website systems shut down
Read More
Gov Tech

  • Sheriff's office computer systems compromised by malware
  • Hackers suspected to be part of crime syndicate
  • Malware moved laterally across systems targeting data
Read More

 
Schuyler County Sheriff’s Department

Breach Type - Hack

Lockport Journal

  • Direct attack from foreign country on Schuyler County
  • Hackers attempted multiple passwords to get online
Read More
WENY News

  • No data was compromised/breached
  • Schuyler county was up to date with anti-virus & anti-malware
  • This specific attack was more advanced than the security they had set up
Read More

 
BACK TO TOP

Local Government

Buffalo and Erie County Library, Erie County

Breach Type – Unknown, Data Breach

WGRZ

  • Private data likely leaked following cyberattack on library database
  • Bad actors conducted a ransomware hit on third-party vendor
  • Names, addresses, emails, and phone numbers were among leaked information
Read More

 
CNY Works, Onondaga County

Breach Type – Unknown, Ransomware

Government Technology

  • Nonprofit agency was victim of ransomware cyberattack
  • Approximately 56,000 individuals had names and Social Security numbers exposed
  • Third party cybersecurity firm was brought in to help with investigation
Read More

 
City of Olean, Cattaraugus County

Breach Type – Unknown, Ransomware

Olean Times Herald

  • City IT officials discovered and stopped ransomware cyberattack
  • Mayor commented that attack occurred during vulnerable time for city
  • Email and clerk's office were among those directly affected
Read More

 
New York City’s MMS and SMS text-messaging system, State of New York

Breach Type – Hacking, Other

Fox 28 Media

  • Bad actors hijacked MMS and SMS messaging
  • Fraudulent government service shutdown messages sent
  • US intelligence agencies helped investigate
Read More

 
Nassau County, Nassau County

Breach Type – Phishing, Other: Funds Stolen

WCBS 880

  • County was victim of phishing cyberattack
  • Officials were able to recover hundreds of thousands of dollars
  • Employees became suspicious when they noticed grammatical errors
Read More

 
Albany International Airport, Albany County

Breach Type – Unknown, Ransomware

Daily Gazette

  • Ransomware utilized in cyberattack against airport
  • Federal and state law enforcement conducted investigation
  • Airport dropped third-party vendor following attack
Read More

 
Town of Moreau, Saratoga County

Breach Type – Unknown, Malware

Post Star

  • A Christmas eve attack leaves the town hall potentially having personal data exposed
  • The town was notified of the virus by an IT contracted company that monitors their networks
  • It took over 30 man hours spanning onto Christmas day to resolve the attack allowing systems to be restored to backups
Read More

 
Onandaga County Public Library Systems

Breach Type – Unknown, Other

Syracuse

  • Public library announced via social media that online systems were down and expected not to be online until after the weekend
  • All branches impacted and online catalog and accounts were not available – some phone systems were also impacted
  • Unclear if this outage is connected with the Syracuse City School District ransomware attack
Read More

 
Broome County Government Systems, Broome County

Breach Type - Phishing, Data Breach

Press Connects

  • Broome County victim of cyber attack, suspect likely accessed personal information of county employees
  • County officials discovered the breach after employee's direct deposit information was changed
  • Officials advised that they added multi-factor authentication and additional employee training
Read More

 
City of Albany, Albany County

Breach Type - Unknown, Ransomware

Times Union

  • The city had fallen victim to a ransomware attack and it was announced publicly
  • The full extent of the attack was not immediately revealed
  • It is still being examined and information will be released to the public as it is found
Read More
Times Union

  • The Albany Police Officers Union was affected by this attack
  • Many city services were taken down due to the attack, the Police Union could not access internet-dependent systems
  • Limited access affected the patrols and their operations, the department was still manned properly
Read More

 
U.S. Congressman (Peter King) Campaign Website, Long Island, Kings County, Queens County

Breach Type - Other

wshu Public Radio

  • Campaign website for U.S. Congressman, Peter King, targeted by hackers
  • Cyber attackers defaced website with Turkish Propaganda
  • Malware has since been removed, unknown how the attackers infiltrated the website
Read More

 
Otsego County

Breach Type - Other, Cryptojacking

The Daily Star

  • County government experienced significant cyber attack
  • Infiltrators exploited zero-day vulnerability in system
  • Services taken offline
  • No indication that citizen data was accessed or exposed
Read More
The Daily Star

  • Eastern European hackers infiltrated Otsego county network
  • Used system’s computing power to mine cryptocurrency
  • Systems ran very slowly, CPU’s maxed out, several servers showed alerts of a potential virus
  • Remote desktop server in a county employee’s home was identified as the source of the breach
Read More

 
Town of Ulster, Ulster County

Breach Type - Malware

Daily Freeman

  • Entire town system affected by virus
  • Virus infiltrated outlook accounts, sending mass mal-spam emails to town contacts
  • Town of Ulster constantly re-infected with virus resulting in a painstaking recovery
Read More

 
Town of Irondequoit, Monroe County

Breach Type - Phishing, Other

13 abc WHAM

  • Irondequoit employee fell victim to phishing scheme
  • Email account used to send out unauthorized mass email
  • Email contains malicious PDF attachment
  • Town warning to immediately receive the malicious email should residents receive it
Read More

 
St. Lawrence County Website, St. Lawrence County

Breach Type - Hacking, Other

WW NY TV

  • Website shut down due to hack
  • St. Lawrence county home-page defaced
  • Hackers claimed to contain private county information
  • County does not believe any private information compromised
Read More
WW NY TV

  • Employees instructed to reset account passwords in wake of website defacement
  • IT department conducting investigation to find source of hack
  • County website will be restored after investigation concludes
Read More

 
Town of Brookhaven

Breach Type - Hack

CBS New York

  • Part of Islamic Union test hacks of government websites
  • Team System Dz claims responsibility
  • Brookhaven one of 76 websites impacted in this string of ISIS Propaganda
Read More

 
Rensselaer Public Library

Breach Type - Ransomware

Altamont Enterprise

  • Hackers ask for several hundred dollars as ransom
  • Library server was slow, indicating virus had infected system
  • Wiped server clean and restored it in a week
Read More

 
Orange County

Breach Type - Hack

Data Breaches

  • Hackers gain access to those involved with Middletown PD
  • Investigation has not proven fraudulent misuse of personal information
  • FBI notified city that its network was compromised
Read More

 
Onondaga County

Breach Type - Ransomware

Syracuse

  • Virus originated from Russia
  • Employee recognized suspicious activity on computer and notified IT dept. immediately
  • IT staff shut computer of network before virus could spread
  • Virus was thwarted, further investigation helped identify cause and origin
Read More

 
BACK TO TOP

Medical

Samaritan Medical Center, Jefferson County

Breach Type – Unknown, Malware

WWNY 7 News

  • Staff have to resort to using both pen and paper in the medical center following a server shutdown due to potential security indecent
  • The hospital is still caring for patients despite the lack of servers although some appointments were postponed
  • No patient transfers were able to be completed due to the lack of information on databases
Read More
WWNY 7 News

  • Computer systems were restored following the attack
  • It has not been publicly released whether or not the attack was ransomware based
  • A third of the 1,400 computers have been check and restored back to functional operations
Read More
Becker's Hospital Review

  • The hospital was taken offline following the attack and prompted both restorations and investigations of the servers
  • Third party professionals were brought in to assist with restoration processes
  • Patients are still being seen and are advised to bring their own medication lists for appointments
Read More

 
Boyce Technologies, Queens Borough

Breach Type – Unknown, Ransomware

Cointelegraph

  • Bad actors threatened to leak data following ransomware cyberattack
  • Officials believed that due to the nature of the attack the setback could cost lives
  • Medical company did not disclose the extend of the attack
Read More

 
Samaritan Medical Center, Jefferson County

Breach Type – Unknown, Malware

WWNY 7 News

  • Healthcare center hit in malware cyberattack, forced to utilize pen and paper notes
  • Both the FBI and US Department of Homeland Security were notified of the cyberattack
  • Hospital continued to take patients, damage caused was minimal
Read More

 
Oswego Health, Oswego County

Breach Type – Phishing, Other

Becker's Hospital Review

  • Healthcare provider launched investigation following phishing attempt
  • Employee email account was fraudulently accessed by bad actor
  • Officials confirmed hacked account had been re-secured
Read More

 
National Eating Disorders Association (NEDA), New York County

Breach Type – Unknown, Ransomware

Medium

  • Bad actors threatened release of data following cyberattack
  • Non-profit organization was latest victim of ransomware
  • Sensitive data was leaked several days later
Read More

 
East House, Monroe County

Breach Type - Phishing, Data Breach

PR News Wire

  • East house is alerting public of potential data misuse in recent suspicious activity
  • An employee email was accessed potentially exposing several employees' sensitive private information
  • Following event East house is informing staff on preventative measures to avoid future reoccurrences
Read More

 
Personal-Touch Home Care, Nassau County

Breach Type - Unknown, Ransomware

Beckers Hospital Review

  • Over 157,000 patients had information exposed
  • Ransomware used by bad actors to steal private information
  • Third party IT firm and federal law enforcement assisted
Read More

 
Jordan Health, Monroe County

Breach Type - Unknown, Ransomware

Rochester First

  • Health center was victim of ransomware cyberattack
  • FBI and others helped investigate attack and restore system
  • Officials believed patient information wasn't leaked
Read More

 
Health Quest; Lagrangeville, Dutchess County

Breach Type – Phishing, Data Breach

Becker’s Hospital Review

  • Numerous employees were victim of phishing cyberattack
  • Employees provided credentials to fraudulent entity
  • IT officials secured affected email accounts following attack
Read More

 
Brooklyn Hospital Center, Kings County

Breach Type – Unknown, Ransomware

Bleeping Computer

  • Ransomware attack caused permanent data loss at Brooklyn Hospital
  • Officials believed that data was not stolen from their system and was only removed
  • Notification to patients indicated that hospital did not have appropriate backup systems
Read More

 
Adirondack Health, Franklin County

Breach Type - Hacking, Data Breach

Health IT Security

  • 25,000 patients have been notified following an attack potentially exposing sensitive information
  • A hacker had gained access to an email account allowing them to view protected information of one email containing medical information
  • It does not seem to originate from a phishing attack and instead accessed from an outside remote attack
Read More

 
Olean Medical Group, Cattaraugus County

Breach Type - Unknown, Ransomware

Olean Times Herald

  • It was discovered that 40,000 patients were not exposed following a hack
  • The group remains actively practicing, simply resorting to pen and paper as systems are restored
  • The attack was compared to a terrorist attack as hackers sought out an large sum in order to supposedly restore files
Read More

 
Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches

  • There had been suspicious email activity in employee’s email accounts
  • Third party investigators assisted investigations finding that the accounts had been accessed
  • Some sensitive patient information had been exposed due to the compromised email accounts
Read More

 
DePaul’s Behavioral Health Program, Erie County

Breach Type - Phishing, Data Breach

Democrat and Chronicle

  • There was a data breach found that had left some patients exposed
  • Over 40,000 emails were examined due to this phishing scam
  • There was a percentage of emails that contained sensitive patient information
Read More

 
Elizabethtown Community Hospital, Essex County

Breach Type - Phishing, Data Breach

Data Breaches

  • Employee’s email account was remotely accessed by an unauthorized user
  • Incident did not affect the hospital’s computer networks or electronic medical records
  • Compromised account contained sensitive medical information of patients
  • Patients’ data potentially compromised
Read More

 
Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches

  • Email accounts subject to unauthorized access for 2 months
  • Third party forensic investigators thoroughly inspected the suspicious activity
  • The accounts involved contained protected health information and financial information
Read More

 
New York Oncology Hematology, Albany County

Breach Type - Phishing, Data Breach

Times Union

  • Health insurance records for more than 128,000 patients and workers potentially stolen by hackers
  • New York Oncology Hematology reported that staff fell victim to phishing attack
  • Cyber attack occurred in April and no evidence has surfaced that personal data was accessed or misused
Read More

 
Med Associates, Inc. - Albany Co.

Breach Type - Hack

WHEC

  • Med Associates discovered unusual activity at workstation
  • Hackers accessed the workstation & potentially compromised PHI
  • Med Associates worked to notify patients & offered identity protection services
Read More

 
Middletown Medical, Orange County

Breach Type - Other/Vulnerability, Data Breach

Record Online

  • Security setting in radiology interference allowed access to electronic patient information
  • Middletown Medical acted to prevent further unauthorized access
  • Notified potentially affected individuals and offered one year of identity protection services
Read More

 
Finger Lakes Health

Breach Type - Ransomware

WHEC

  • Hackers demand ransom to decrypt files of Finger Lakes Health NY
  • No evidence of compromised patient/staff data has surfaced
  • Employees have emergency plan for cyber attacks
  • Daily tasks completed manually
Read More

 
St. Peter's Hospital

Breach Type - Hack

timesunion

  • Malware installed on St. Peter's servers
  • Second largest breach of NY since 2016 hits St. Peter's Hospital
  • Hackers potentially compromised medical records of 135,000 patients
Read More

 
Jones Memorial Hospital

Breach Type - Hack

WIBV

  • Experienced unexpected downtime due to cyber attack
  • Manually entering information into patient charts
  • No patient data is believed to be compromised
Read More
SC Magazine

  • Jones Memorial rendered a limited number of information services inoperable
  • Working with University of Rochester, Noyes Health & St. James Mercy Hospital to restore systems
Read More
EHR Intelligence

  • Systems back online after two weeks of E.H.R. downtime
  • Evaluating and updating security measures to prevent future attacks
Read More

 
Pharmacy Innovations

Breach Type - Hack

Biz Journals

  • Hack leads to breached data of more than 1,200 patients
  • Pharmacy Innovations was the 4th health data breach for NY in 2017
  • Case under investigation by the Office for Civil Rights
Read More

 
Kaleida Health

Breach Type - Phishing

Healthcare IT News

  • Kaleida Health employee falls victim to phishing scheme
  • Private data of 744 individuals potentially affected
  • Kaleida offering free credit monitoring
  • As a result of multiple data breaches, Kaleida working to improve cyber security
Read More

 
Erie County Medical Center

Breach Type - Ransomware

Buffalo News

  • Ransomware attack causes computer system disruption
  • Affected the medical center's ability to provide medical treatment
  • ECMC refused to pay ransom
  • Restoring systems with help of IT staff
Read More

 
Metropolitan Jewish Health System

Breach Type - Phishing

Data Breaches

  • Employees falls victim to spear phishing scheme
  • Some patient data left available to hacker
  • Notified patients about the phishing scam & established a security hotline
  • Health system reinforcing dangers of phishing to staff
Read More

 
BACK TO TOP

Education

Erie Community College, Erie County

Breach Type – Unknown, Malware

Buffalo News

  • 50 computers were disabled by a malware attack causing the college to go offline
  • Windows based computers were the only ones affected on all three college locations
  • Student data has not been affected by this attack due to backup servers
Read More

 
Jamesville-DeWitt High School listserv Email Application, Onondaga County

Breach Type – Hacking, Other

Syracuse

  • Three vulgar emails directed at school officials sent to student body
  • Bad actor hacked into school email listserv distributor
  • Officials suggested students log into email and have parents erase the messages
Read More

 
Niagara University, Niagara County

Breach Type – Unknown, Ransomware

Buffalo Business First

  • University services were impacted following cyberattack
  • Bad actors used ransomware to disrupt college network
  • Campus law enforcement investigated the attack
Read More

 
Pierson High School, Suffolk County

Breach Type – Hacking, Data Breach

Dans Papers

  • School district's computer systems were seized in cyberattack
  • Outage remained in effect over a week later, originally predicted to last 24 hours
  • Officials forced to utilize third part cybersecurity firm to assist with restoration
Read More

 
Mineola School District, Nassau County

Breach Type – Unknown, Ransomware

MSSP Alert

  • This school district being one of many struck by a Ryuk virus was able to restore encrypted files from backups
  • The Ryuk was also specifically designed to encrypt all backups in an attempt to secure the need for ransom
  • The Mineola school district was lucky that the backup was offline at the time of the attack, as servers were being worked on
Read More

 
Rockville Centre School District, Nassau County

Breach Type – Unknown, Ransomware

News Day

  • The school district paid almost $100,000 in ransom in an attempt to restore encrypted files on their servers
  • Due to their insurance the school was able to afford payment
  • IT was able to halt the encryption halfway through as it was attempting to spread
Read More
SC Magazine

  • $88,000 was paid in ransom to restore access to their files
  • Since the school district was able to halt the encryption processes and restore many files the ransom costs dropped almost $100,000
  • The school district states that paying the ransom was a result of exhausting all efforts made
Read More

 
Watertown City School District, Jefferson County

Breach Type – Unknown, Malware

WWNYTV

  • School district victim of malware attack, officials unsure of data loss
  • Superintendent stated that attacker had not yet demanded ransom
  • Watertown City School District advised to not logon to computer systems
Read More

 
Syracuse City School District, Onandaga County

Breach Type – Unknown, Ransomware

Syracuse

  • Ransomware hit the city’s school district and caused a week-long outage
  • The attack locked the school district out from using their own systems
  • The school is getting conflicting advice from their cyber insurance company vs. the FBI on whether to pay the ransom
Read More

 
Monroe College, Bronx County

Breach Type – Unknown, Ransomware

Syracuse

  • Monroe College based in Bronx, New York hit by ransomware attack with hackers demanding $2 million in Bitcoin
  • Campuses and facilities located in NY and FL have been impacted
  • Details of the attack have not yet been released to the public, but police are investigating
Read More

 
OCM BOCES, Onondaga Co., Cortland Co., Madison Co.

Breach Type - Other, TDoS/DDoS

Local SYR

  • Cyber attack disrupted the OCM BOCES network causing huge problems for school districts
  • Hackers are causing denial of security attacks
  • All personal and confidential information related to students and employees has been well protected
Read More

 
The University at Buffalo, Erie County

Breach Type - Hack

The Spectrum

  • Thousands of University at Buffalo accounts hacked
  • 28 faculty & staff accounts compromised
  • Login credentials stolen when entered into malicious website
Read More

 
OCM BOCES District

Breach Type - Hack

CNY Central

  • Cyber-attack targets OCM BOCES district during its ELA assessment testing
  • Attack shut down network intermittently, forcing reschedule of tests
  • No data stolen thanks to security measures in place
  • Technicians working to restore & stabilize connection for continuation of testing
Read More

 
Buffalo Public Schools District

Breach Type - Hack

Buffalo News

  • Denial of Service attack hits Buffalo Public Schools' network
  • The attack caused problems for the district for several hours
  • District officials believe the hackers are from overseas
Read More

 
The City University of New York Website

Breach Type - Hack/Cryptomining

WCCFTECH

  • Cryptojackers abuse "browsealoud" plugin to mine Monero from unsuspecting web-users
  • Over 4,200 webpages globally, affected by scheme
  • The City University of New York, Lehman College, and La Guardia Community College websites were all used by hackers to generate cryptocurrency
Read More

 
Cornell University

Breach Type - Phishing

Cornell Sun

  • Cornell University one of many servers affected by a Google Docs phishing scheme
  • Users affected had to immediately change passwords
  • Some contact data potentially exposed
Read More

 
Rhinebeck School District

Breach Type - Ransomware

Daily Freeman

  • Ransomware infects Rhinebeck School District through malicious email
  • Hackers demanded a $500 ransom to decrypt the servers
  • The district's IT traced the malware for 9 hours
  • Restored system using off-site backups
  • No data lost
Read More

 
Hudson City School District

Breach Type - Phishing

Data Breaches

  • Hudson City School District employee fell victim to phishing scheme
  • Hackers may have accessed social security numbers of all district staff
  • The attack mimicked the phishing scam which affected Lawrence Schools in Massachusetts
Read More

 
BACK TO TOP