Public Safety

New York State Servers, State of New York

Breach Type – Hacking, Other

My San Antonio
April 13th, 2020

Statewide cyberattack caused nearly month-long setback
Officials believed attack originated outside the country
IT personnel discovered several hacked servers

Town of Colonie & Colonie Police Department, Albany County

Breach Type – Unknown, Ransomware

WNYT
January 17th, 2020

Colonie, New York among latest victims of ransomware cyberattack
At least three other attacks occurred in the same area within the last year
Officials reported no outages for emergency services

NYPD Database, New York County

Breach Type – Hacking, Ransomware

NY Post
November 24th, 2019

Contractor used compromised device, caused NYPD fingerprint database to go down
Over 20 fingerprint devices were taken down by infected computer
Contractor was questioned but not charged, officials stated less than 1% of NYPD's computers affected

Schenectady County Government, Office of Sheriff, & Correctional Facility, Schenectady County

Breach Type - Malware

News 10
December 13th, 2018

Schenectady County officials detected a virus in the computer network
County website and email system temporarily shut down
No evidence of data breach due to virus
911 Central Dispatch Center unaffected

Times Union
December 13th, 2018

Network systems hacked and rendered offline
Jail & Courthouse affected
Malware quickly detected
As a result, emails and website systems shut down

Gov Tech
December 20th, 2018

Sheriff's office computer systems compromised by malware
Hackers suspected to be part of crime syndicate
Malware moved laterally across systems targeting data

Schuyler County Sheriff’s Department

Breach Type - Hack

Lockport Journal
September 7th, 2017

Direct attack from foreign country on Schuyler County
Hackers attempted multiple passwords to get online

WENY News
September 11th, 2017

No data was compromised/breached
Schuyler county was up to date with anti-virus & anti-malware
This specific attack was more advanced than the security they had set up

Local Government

Buffalo and Erie County Library, Erie County

Breach Type – Unknown, Data Breach

WGRZ
August 11th, 2020

Private data likely leaked following cyberattack on library database
Bad actors conducted a ransomware hit on third-party vendor
Names, addresses, emails, and phone numbers were among leaked information

CNY Works, Onondaga County

Breach Type – Unknown, Ransomware

Government Technology
July 2nd, 2020

Nonprofit agency was victim of ransomware cyberattack
Approximately 56,000 individuals had names and Social Security numbers exposed
Third party cybersecurity firm was brought in to help with investigation

City of Olean, Cattaraugus County

Breach Type – Unknown, Ransomware

Olean Times Herald
April 17th, 2020

City IT officials discovered and stopped ransomware cyberattack
Mayor commented that attack occurred during vulnerable time for city
Email and clerk's office were among those directly affected

New York City’s MMS and SMS text-messaging system, State of New York

Breach Type – Hacking, Other

Fox 28 Media
March 17th, 2020

Bad actors hijacked MMS and SMS messaging
Fraudulent government service shutdown messages sent
US intelligence agencies helped investigate

Nassau County, Nassau County

Breach Type – Phishing, Other: Funds Stolen

WCBS 880
January 10th, 2020

County was victim of phishing cyberattack
Officials were able to recover hundreds of thousands of dollars
Employees became suspicious when they noticed grammatical errors

Albany International Airport, Albany County

Breach Type – Unknown, Ransomware

Daily Gazette
January 10th, 2020

Ransomware utilized in cyberattack against airport
Federal and state law enforcement conducted investigation
Airport dropped third-party vendor following attack

Town of Moreau, Saratoga County

Breach Type – Unknown, Malware

Post Star
January 1st, 2020

A Christmas eve attack leaves the town hall potentially having personal data exposed
The town was notified of the virus by an IT contracted company that monitors their networks
It took over 30 man hours spanning onto Christmas day to resolve the attack allowing systems to be restored to backups

Onandaga County Public Library Systems

Breach Type – Unknown, Other

Syracuse
July 13th, 2019

Public library announced via social media that online systems were down and expected not to be online until after the weekend
All branches impacted and online catalog and accounts were not available – some phone systems were also impacted
Unclear if this outage is connected with the Syracuse City School District ransomware attack

Broome County Government Systems, Broome County

Breach Type - Phishing, Data Breach

Press Connects
May 31st, 2019

Broome County victim of cyber attack, suspect likely accessed personal information of county employees
County officials discovered the breach after employee's direct deposit information was changed
Officials advised that they added multi-factor authentication and additional employee training

City of Albany, Albany County

Breach Type - Unknown, Ransomware

Times Union
March 30th, 2019

The city had fallen victim to a ransomware attack and it was announced publicly
The full extent of the attack was not immediately revealed
It is still being examined and information will be released to the public as it is found

Times Union
March 31st, 2019

The Albany Police Officers Union was affected by this attack
Many city services were taken down due to the attack, the Police Union could not access internet-dependent systems
Limited access affected the patrols and their operations, the department was still manned properly

U.S. Congressman (Peter King) Campaign Website, Long Island, Kings County, Queens County

Breach Type - Other

wshu Public Radio
October 9th, 2018

Campaign website for U.S. Congressman, Peter King, targeted by hackers
Cyber attackers defaced website with Turkish Propaganda
Malware has since been removed, unknown how the attackers infiltrated the website

Otsego County

Breach Type - Other, Cryptojacking

The Daily Star
October 4th, 2018

County government experienced significant cyber attack
Infiltrators exploited zero-day vulnerability in system
Services taken offline
No indication that citizen data was accessed or exposed

The Daily Star
October 10th, 2018

Eastern European hackers infiltrated Otsego county network
Used system’s computing power to mine cryptocurrency
Systems ran very slowly, CPU’s maxed out, several servers showed alerts of a potential virus
Remote desktop server in a county employee’s home was identified as the source of the breach

Town of Ulster, Ulster County

Breach Type - Malware

Daily Freeman
September 26th, 2018

Entire town system affected by virus
Virus infiltrated outlook accounts, sending mass mal-spam emails to town contacts
Town of Ulster constantly re-infected with virus resulting in a painstaking recovery

Town of Irondequoit, Monroe County

Breach Type - Phishing, Other

13 abc WHAM
September 11th, 2018

Irondequoit employee fell victim to phishing scheme
Email account used to send out unauthorized mass email
Email contains malicious PDF attachment
Town warning to immediately receive the malicious email should residents receive it

St. Lawrence County Website, St. Lawrence County

Breach Type - Hacking, Other

WW NY TV
August 21st, 2018

Website shut down due to hack
St. Lawrence county home-page defaced
Hackers claimed to contain private county information
County does not believe any private information compromised

WW NY TV
August 22nd, 2018

Employees instructed to reset account passwords in wake of website defacement
IT department conducting investigation to find source of hack
County website will be restored after investigation concludes

Town of Brookhaven

Breach Type - Hack

CBS New York
June 26th, 2017

Part of Islamic Union test hacks of government websites
Team System Dz claims responsibility
Brookhaven one of 76 websites impacted in this string of ISIS Propaganda

Rensselaer Public Library

Breach Type - Ransomware

Altamont Enterprise
June 1st, 2017

Hackers ask for several hundred dollars as ransom
Library server was slow, indicating virus had infected system
Wiped server clean and restored it in a week

Orange County

Breach Type - Hack

Data Breaches
October 21st, 2016

Hackers gain access to those involved with Middletown PD
Investigation has not proven fraudulent misuse of personal information
FBI notified city that its network was compromised

Onondaga County

Breach Type - Ransomware

Syracuse
March 14th, 2016

Virus originated from Russia
Employee recognized suspicious activity on computer and notified IT dept. immediately
IT staff shut computer of network before virus could spread
Virus was thwarted, further investigation helped identify cause and origin

Medical

Samaritan Medical Center, Jefferson County

Breach Type – Unknown, Malware

WWNY 7 News
July 27th, 2020

Staff have to resort to using both pen and paper in the medical center following a server shutdown due to potential security indecent
The hospital is still caring for patients despite the lack of servers although some appointments were postponed
No patient transfers were able to be completed due to the lack of information on databases

WWNY 7 News
August 7th, 2020

Computer systems were restored following the attack
It has not been publicly released whether or not the attack was ransomware based
A third of the 1,400 computers have been check and restored back to functional operations

Becker's Hospital Review
September 9th, 2020

The hospital was taken offline following the attack and prompted both restorations and investigations of the servers
Third party professionals were brought in to assist with restoration processes
Patients are still being seen and are advised to bring their own medication lists for appointments

Boyce Technologies, Queens Borough

Breach Type – Unknown, Ransomware

Cointelegraph
August 7th, 2020

Bad actors threatened to leak data following ransomware cyberattack
Officials believed that due to the nature of the attack the setback could cost lives
Medical company did not disclose the extend of the attack

Samaritan Medical Center, Jefferson County

Breach Type – Unknown, Malware

WWNY 7 News
July 27th, 2020

Healthcare center hit in malware cyberattack, forced to utilize pen and paper notes
Both the FBI and US Department of Homeland Security were notified of the cyberattack
Hospital continued to take patients, damage caused was minimal

Oswego Health, Oswego County

Breach Type – Phishing, Other

Becker's Hospital Review
June 17th, 2020

Healthcare provider launched investigation following phishing attempt
Employee email account was fraudulently accessed by bad actor
Officials confirmed hacked account had been re-secured

National Eating Disorders Association (NEDA), New York County

Breach Type – Unknown, Ransomware

Medium
April 1st, 2020

Bad actors threatened release of data following cyberattack
Non-profit organization was latest victim of ransomware
Sensitive data was leaked several days later

East House, Monroe County

Breach Type - Phishing, Data Breach

PR News Wire
February 17th, 2020

East house is alerting public of potential data misuse in recent suspicious activity
An employee email was accessed potentially exposing several employees' sensitive private information
Following event East house is informing staff on preventative measures to avoid future reoccurrences

Personal-Touch Home Care, Nassau County

Breach Type - Unknown, Ransomware

Beckers Hospital Review
February 27th, 2020

Over 157,000 patients had information exposed
Ransomware used by bad actors to steal private information
Third party IT firm and federal law enforcement assisted

Jordan Health, Monroe County

Breach Type - Unknown, Ransomware

Rochester First
February 28th, 2020

Health center was victim of ransomware cyberattack
FBI and others helped investigate attack and restore system
Officials believed patient information wasn't leaked

Health Quest; Lagrangeville, Dutchess County

Breach Type – Phishing, Data Breach

Becker’s Hospital Review
January 13th, 2020

Numerous employees were victim of phishing cyberattack
Employees provided credentials to fraudulent entity
IT officials secured affected email accounts following attack

Brooklyn Hospital Center, Kings County

Breach Type – Unknown, Ransomware

Bleeping Computer
November 5th, 2019

Ransomware attack caused permanent data loss at Brooklyn Hospital
Officials believed that data was not stolen from their system and was only removed
Notification to patients indicated that hospital did not have appropriate backup systems

Adirondack Health, Franklin County

Breach Type - Hacking, Data Breach

Health IT Security
July 16th, 2019

25,000 patients have been notified following an attack potentially exposing sensitive information
A hacker had gained access to an email account allowing them to view protected information of one email containing medical information
It does not seem to originate from a phishing attack and instead accessed from an outside remote attack

Olean Medical Group, Cattaraugus County

Breach Type - Unknown, Ransomware

Olean Times Herald
June 17th, 2019

It was discovered that 40,000 patients were not exposed following a hack
The group remains actively practicing, simply resorting to pen and paper as systems are restored
The attack was compared to a terrorist attack as hackers sought out an large sum in order to supposedly restore files

Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches
May 10th, 2019

There had been suspicious email activity in employee’s email accounts
Third party investigators assisted investigations finding that the accounts had been accessed
Some sensitive patient information had been exposed due to the compromised email accounts

DePaul’s Behavioral Health Program, Erie County

Breach Type - Phishing, Data Breach

Democrat and Chronicle
March 30th, 2019

There was a data breach found that had left some patients exposed
Over 40,000 emails were examined due to this phishing scam
There was a percentage of emails that contained sensitive patient information

Elizabethtown Community Hospital, Essex County

Breach Type - Phishing, Data Breach

Data Breaches
December 17th, 2018

Employee’s email account was remotely accessed by an unauthorized user
Incident did not affect the hospital’s computer networks or electronic medical records
Compromised account contained sensitive medical information of patients
Patients’ data potentially compromised

Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches
November 16th, 2018

Email accounts subject to unauthorized access for 2 months
Third party forensic investigators thoroughly inspected the suspicious activity
The accounts involved contained protected health information and financial information

New York Oncology Hematology, Albany County

Breach Type - Phishing, Data Breach

Times Union
November 16th, 2018

Health insurance records for more than 128,000 patients and workers potentially stolen by hackers
New York Oncology Hematology reported that staff fell victim to phishing attack
Cyber attack occurred in April and no evidence has surfaced that personal data was accessed or misused

Med Associates, Inc. - Albany Co.

Breach Type - Hack

WHEC
June 15th, 2018

Med Associates discovered unusual activity at workstation
Hackers accessed the workstation & potentially compromised PHI
Med Associates worked to notify patients & offered identity protection services

Middletown Medical, Orange County

Breach Type - Other/Vulnerability, Data Breach

Record Online
March 29th, 2018

Security setting in radiology interference allowed access to electronic patient information
Middletown Medical acted to prevent further unauthorized access
Notified potentially affected individuals and offered one year of identity protection services

Finger Lakes Health

Breach Type - Ransomware

WHEC
March 20th, 2018

Hackers demand ransom to decrypt files of Finger Lakes Health NY
No evidence of compromised patient/staff data has surfaced
Employees have emergency plan for cyber attacks
Daily tasks completed manually

St. Peter's Hospital

Breach Type - Hack

timesunion
March 2nd, 2018

Malware installed on St. Peter's servers
Second largest breach of NY since 2016 hits St. Peter's Hospital
Hackers potentially compromised medical records of 135,000 patients

Jones Memorial Hospital

Breach Type - Hack

WIBV
December 27th, 2017

Experienced unexpected downtime due to cyber attack
Manually entering information into patient charts
No patient data is believed to be compromised

SC Magazine
December 28th, 2017

Jones Memorial rendered a limited number of information services inoperable
Working with University of Rochester, Noyes Health & St. James Mercy Hospital to restore systems

EHR Intelligence
January 9th, 2018

Systems back online after two weeks of E.H.R. downtime
Evaluating and updating security measures to prevent future attacks

Pharmacy Innovations

Breach Type - Hack

Biz Journals
December 26th, 2017

Hack leads to breached data of more than 1,200 patients
Pharmacy Innovations was the 4th health data breach for NY in 2017
Case under investigation by the Office for Civil Rights

Kaleida Health

Breach Type - Phishing

Healthcare IT News
August 31st, 2017

Kaleida Health employee falls victim to phishing scheme
Private data of 744 individuals potentially affected
Kaleida offering free credit monitoring
As a result of multiple data breaches, Kaleida working to improve cyber security

Erie County Medical Center

Breach Type - Ransomware

Buffalo News
April 9th, 2017

Ransomware attack causes computer system disruption
Affected the medical center's ability to provide medical treatment
ECMC refused to pay ransom
Restoring systems with help of IT staff

Metropolitan Jewish Health System

Breach Type - Phishing

Data Breaches
April 5th, 2016

Employees falls victim to spear phishing scheme
Some patient data left available to hacker
Notified patients about the phishing scam & established a security hotline
Health system reinforcing dangers of phishing to staff

Education

Erie Community College, Erie County

Breach Type – Unknown, Malware

Buffalo News
July 22nd, 2020

50 computers were disabled by a malware attack causing the college to go offline
Windows based computers were the only ones affected on all three college locations
Student data has not been affected by this attack due to backup servers

Jamesville-DeWitt High School listserv Email Application, Onondaga County

Breach Type – Hacking, Other

Syracuse
June 25th, 2020

Three vulgar emails directed at school officials sent to student body
Bad actor hacked into school email listserv distributor
Officials suggested students log into email and have parents erase the messages

Niagara University, Niagara County

Breach Type – Unknown, Ransomware

Buffalo Business First
February 12th, 2020

University services were impacted following cyberattack
Bad actors used ransomware to disrupt college network
Campus law enforcement investigated the attack

Pierson High School, Suffolk County

Breach Type – Hacking, Data Breach

Dans Papers
November 23rd, 2019

School district's computer systems were seized in cyberattack
Outage remained in effect over a week later, originally predicted to last 24 hours
Officials forced to utilize third part cybersecurity firm to assist with restoration

Mineola School District, Nassau County

Breach Type – Unknown, Ransomware

MSSP Alert
August 23rd, 2019

This school district being one of many struck by a Ryuk virus was able to restore encrypted files from backups
The Ryuk was also specifically designed to encrypt all backups in an attempt to secure the need for ransom
The Mineola school district was lucky that the backup was offline at the time of the attack, as servers were being worked on

Rockville Centre School District, Nassau County

Breach Type – Unknown, Ransomware

News Day
August 24th, 2019

The school district paid almost $100,000 in ransom in an attempt to restore encrypted files on their servers
Due to their insurance the school was able to afford payment
IT was able to halt the encryption halfway through as it was attempting to spread

SC Magazine
August 26th, 2019

$88,000 was paid in ransom to restore access to their files
Since the school district was able to halt the encryption processes and restore many files the ransom costs dropped almost $100,000
The school district states that paying the ransom was a result of exhausting all efforts made

Watertown City School District, Jefferson County

Breach Type – Unknown, Malware

WWNYTV
July 29th, 2019

School district victim of malware attack, officials unsure of data loss
Superintendent stated that attacker had not yet demanded ransom
Watertown City School District advised to not logon to computer systems

Syracuse City School District, Onandaga County

Breach Type – Unknown, Ransomware

Syracuse
July 11th, 2019

Ransomware hit the city’s school district and caused a week-long outage
The attack locked the school district out from using their own systems
The school is getting conflicting advice from their cyber insurance company vs. the FBI on whether to pay the ransom

Monroe College, Bronx County

Breach Type – Unknown, Ransomware

Syracuse
July 11th, 2019

Monroe College based in Bronx, New York hit by ransomware attack with hackers demanding $2 million in Bitcoin
Campuses and facilities located in NY and FL have been impacted
Details of the attack have not yet been released to the public, but police are investigating

OCM BOCES, Onondaga Co., Cortland Co., Madison Co.

Breach Type - Other, TDoS/DDoS

Local SYR
October 4th, 2018

Cyber attack disrupted the OCM BOCES network causing huge problems for school districts
Hackers are causing denial of security attacks
All personal and confidential information related to students and employees has been well protected

The University at Buffalo, Erie County

Breach Type - Hack

The Spectrum
May 19th, 2018

Thousands of University at Buffalo accounts hacked
28 faculty & staff accounts compromised
Login credentials stolen when entered into malicious website

OCM BOCES District

Breach Type - Hack

CNY Central
April 13th, 2018

Cyber-attack targets OCM BOCES district during its ELA assessment testing
Attack shut down network intermittently, forcing reschedule of tests
No data stolen thanks to security measures in place
Technicians working to restore & stabilize connection for continuation of testing

Buffalo Public Schools District

Breach Type - Hack

Buffalo News
March 24th, 2018

Denial of Service attack hits Buffalo Public Schools' network
The attack caused problems for the district for several hours
District officials believe the hackers are from overseas

The City University of New York Website

Breach Type - Hack/Cryptomining

WCCFTECH
February 12th, 2018

Cryptojackers abuse "browsealoud" plugin to mine Monero from unsuspecting web-users
Over 4,200 webpages globally, affected by scheme
The City University of New York, Lehman College, and La Guardia Community College websites were all used by hackers to generate cryptocurrency

Cornell University

Breach Type - Phishing

Cornell Sun
May 3rd, 2017

Cornell University one of many servers affected by a Google Docs phishing scheme
Users affected had to immediately change passwords
Some contact data potentially exposed

Rhinebeck School District

Breach Type - Ransomware

Daily Freeman
June 15th, 2016

Ransomware infects Rhinebeck School District through malicious email
Hackers demanded a $500 ransom to decrypt the servers
The district's IT traced the malware for 9 hours
Restored system using off-site backups
No data lost

Hudson City School District

Breach Type - Phishing

Data Breaches
January 24th, 2016

Hudson City School District employee fell victim to phishing scheme
Hackers may have accessed social security numbers of all district staff
The attack mimicked the phishing scam which affected Lawrence Schools in Massachusetts

New York Cyber Attacks

Infrastructure Affected

Public Safety

Government

Medical

Education

Public Safety

Local Government

Medical

Education