New York Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
New York.jpg
 

Public Safety

Schenectady County Government, Office of Sheriff, & Correctional Facility, Schenectady County

Breach Type - Malware

News 10

  • Schenectady County officials detected a virus in the computer network
  • County website and email system temporarily shut down
  • No evidence of data breach due to virus
  • 911 Central Dispatch Center unaffected
Read More
Times Union

  • Network systems hacked and rendered offline
  • Jail & Courthouse affected
  • Malware quickly detected
  • As a result, emails and website systems shut down
Read More
Gov Tech

  • Sheriff's office computer systems compromised by malware
  • Hackers suspected to be part of crime syndicate
  • Malware moved laterally across systems targeting data
Read More

 
Schuyler County Sheriff’s Department

Breach Type - Hack

Lockport Journal

  • Direct attack from foreign country on Schuyler County
  • Hackers attempted multiple passwords to get online
Read More
WENY News

  • No data was compromised/breached
  • Schuyler county was up to date with anti-virus & anti-malware
  • This specific attack was more advanced than the security they had set up
Read More

 
BACK TO TOP

Local Government

Broome County Government Systems, Broome County

Breach Type - Phishing, Data Breach

Press Connects

  • Broome County victim of cyber attack, suspect likely accessed personal information of county employees
  • County officials discovered the breach after employee's direct deposit information was changed
  • Officials advised that they added multi-factor authentication and additional employee training
Read More

 
City of Albany, Albany County

Breach Type - Unknown, Ransomware

Times Union

  • The city had fallen victim to a ransomware attack and it was announced publicly
  • The full extent of the attack was not immediately revealed
  • It is still being examined and information will be released to the public as it is found
Read More
Times Union

  • The Albany Police Officers Union was affected by this attack
  • Many city services were taken down due to the attack, the Police Union could not access internet-dependent systems
  • Limited access affected the patrols and their operations, the department was still manned properly
Read More

 
U.S. Congressman (Peter King) Campaign Website, Long Island, Kings County, Queens County

Breach Type - Other

wshu Public Radio

  • Campaign website for U.S. Congressman, Peter King, targeted by hackers
  • Cyber attackers defaced website with Turkish Propaganda
  • Malware has since been removed, unknown how the attackers infiltrated the website
Read More

 
Otsego County

Breach Type - Other, Cryptojacking

The Daily Star

  • County government experienced significant cyber attack
  • Infiltrators exploited zero-day vulnerability in system
  • Services taken offline
  • No indication that citizen data was accessed or exposed
Read More
The Daily Star

  • Eastern European hackers infiltrated Otsego county network
  • Used system’s computing power to mine cryptocurrency
  • Systems ran very slowly, CPU’s maxed out, several servers showed alerts of a potential virus
  • Remote desktop server in a county employee’s home was identified as the source of the breach
Read More

 
Town of Ulster, Ulster County

Breach Type - Malware

Daily Freeman

  • Entire town system affected by virus
  • Virus infiltrated outlook accounts, sending mass mal-spam emails to town contacts
  • Town of Ulster constantly re-infected with virus resulting in a painstaking recovery
Read More

 
Town of Irondequoit, Monroe County

Breach Type - Phishing, Other

13 abc WHAM

  • Irondequoit employee fell victim to phishing scheme
  • Email account used to send out unauthorized mass email
  • Email contains malicious PDF attachment
  • Town warning to immediately receive the malicious email should residents receive it
Read More

 
St. Lawrence County Website, St. Lawrence County

Breach Type - Hacking, Other

WW NY TV

  • Website shut down due to hack
  • St. Lawrence county home-page defaced
  • Hackers claimed to contain private county information
  • County does not believe any private information compromised
Read More
WW NY TV

  • Employees instructed to reset account passwords in wake of website defacement
  • IT department conducting investigation to find source of hack
  • County website will be restored after investigation concludes
Read More

 
Town of Brookhaven

Breach Type - Hack

CBS New York

  • Part of Islamic Union test hacks of government websites
  • Team System Dz claims responsibility
  • Brookhaven one of 76 websites impacted in this string of ISIS Propaganda
Read More

 
Rensselaer Public Library

Breach Type - Ransomware

Altamont Enterprise

  • Hackers ask for several hundred dollars as ransom
  • Library server was slow, indicating virus had infected system
  • Wiped server clean and restored it in a week
Read More

 
Orange County

Breach Type - Hack

Data Breaches

  • Hackers gain access to those involved with Middletown PD
  • Investigation has not proven fraudulent misuse of personal information
  • FBI notified city that its network was compromised
Read More

 
Onondaga County

Breach Type - Ransomware

Syracuse

  • Virus originated from Russia
  • Employee recognized suspicious activity on computer and notified IT dept. immediately
  • IT staff shut computer of network before virus could spread
  • Virus was thwarted, further investigation helped identify cause and origin
Read More

 
BACK TO TOP

Medical

Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches

  • There had been suspicious email activity in employee’s email accounts
  • Third party investigators assisted investigations finding that the accounts had been accessed
  • Some sensitive patient information had been exposed due to the compromised email accounts
Read More

 
DePaul’s Behavioral Health Program, Erie County

Breach Type - Phishing, Data Breach

Democrat and Chronicle

  • There was a data breach found that had left some patients exposed
  • Over 40,000 emails were examined due to this phishing scam
  • There was a percentage of emails that contained sensitive patient information
Read More

 
Elizabethtown Community Hospital, Essex County

Breach Type - Phishing, Data Breach

Data Breaches

  • Employee’s email account was remotely accessed by an unauthorized user
  • Incident did not affect the hospital’s computer networks or electronic medical records
  • Compromised account contained sensitive medical information of patients
  • Patients’ data potentially compromised
Read More

 
Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches

  • Email accounts subject to unauthorized access for 2 months
  • Third party forensic investigators thoroughly inspected the suspicious activity
  • The accounts involved contained protected health information and financial information
Read More

 
New York Oncology Hematology, Albany County

Breach Type - Phishing, Data Breach

Times Union

  • Health insurance records for more than 128,000 patients and workers potentially stolen by hackers
  • New York Oncology Hematology reported that staff fell victim to phishing attack
  • Cyber attack occurred in April and no evidence has surfaced that personal data was accessed or misused
Read More

 
Med Associates, Inc. - Albany Co.

Breach Type - Hack

WHEC

  • Med Associates discovered unusual activity at workstation
  • Hackers accessed the workstation & potentially compromised PHI
  • Med Associates worked to notify patients & offered identity protection services
Read More

 
Middletown Medical, Orange County

Breach Type - Other/Vulnerability, Data Breach

Record Online

  • Security setting in radiology interference allowed access to electronic patient information
  • Middletown Medical acted to prevent further unauthorized access
  • Notified potentially affected individuals and offered one year of identity protection services
Read More

 
Finger Lakes Health

Breach Type - Ransomware

WHEC

  • Hackers demand ransom to decrypt files of Finger Lakes Health NY
  • No evidence of compromised patient/staff data has surfaced
  • Employees have emergency plan for cyber attacks
  • Daily tasks completed manually
Read More

 
St. Peter's Hospital

Breach Type - Hack

timesunion

  • Malware installed on St. Peter's servers
  • Second largest breach of NY since 2016 hits St. Peter's Hospital
  • Hackers potentially compromised medical records of 135,000 patients
Read More

 
Jones Memorial Hospital

Breach Type - Hack

WIBV

  • Experienced unexpected downtime due to cyber attack
  • Manually entering information into patient charts
  • No patient data is believed to be compromised
Read More
SC Magazine

  • Jones Memorial rendered a limited number of information services inoperable
  • Working with University of Rochester, Noyes Health & St. James Mercy Hospital to restore systems
Read More
EHR Intelligence

  • Systems back online after two weeks of E.H.R. downtime
  • Evaluating and updating security measures to prevent future attacks
Read More

 
Pharmacy Innovations

Breach Type - Hack

Biz Journals

  • Hack leads to breached data of more than 1,200 patients
  • Pharmacy Innovations was the 4th health data breach for NY in 2017
  • Case under investigation by the Office for Civil Rights
Read More

 
Kaleida Health

Breach Type - Phishing

Healthcare IT News

  • Kaleida Health employee falls victim to phishing scheme
  • Private data of 744 individuals potentially affected
  • Kaleida offering free credit monitoring
  • As a result of multiple data breaches, Kaleida working to improve cyber security
Read More

 
Erie County Medical Center

Breach Type - Ransomware

Buffalo News

  • Ransomware attack causes computer system disruption
  • Affected the medical center's ability to provide medical treatment
  • ECMC refused to pay ransom
  • Restoring systems with help of IT staff
Read More

 
Metropolitan Jewish Health System

Breach Type - Phishing

Data Breaches

  • Employees falls victim to spear phishing scheme
  • Some patient data left available to hacker
  • Notified patients about the phishing scam & established a security hotline
  • Health system reinforcing dangers of phishing to staff
Read More

 
BACK TO TOP

Education

Breach Type - Other, TDoS/DDoS

Local SYR

  • Cyber attack disrupted the OCM BOCES network causing huge problems for school districts
  • Hackers are causing denial of security attacks
  • All personal and confidential information related to students and employees has been well protected
Read More

 
OCM BOCES, Onondaga Co., Cortland Co., Madison Co.

Breach Type - Other, TDoS/DDoS

Local SYR

  • Cyber attack disrupted the OCM BOCES network causing huge problems for school districts
  • Hackers are causing denial of security attacks
  • All personal and confidential information related to students and employees has been well protected
Read More

 
The University at Buffalo, Erie County

Breach Type - Hack

The Spectrum

  • Thousands of University at Buffalo accounts hacked
  • 28 faculty & staff accounts compromised
  • Login credentials stolen when entered into malicious website
Read More

 
OCM BOCES District

Breach Type - Hack

CNY Central

  • Cyber-attack targets OCM BOCES district during its ELA assessment testing
  • Attack shut down network intermittently, forcing reschedule of tests
  • No data stolen thanks to security measures in place
  • Technicians working to restore & stabilize connection for continuation of testing
Read More

 
Buffalo Public Schools District

Breach Type - Hack

Buffalo News

  • Denial of Service attack hits Buffalo Public Schools' network
  • The attack caused problems for the district for several hours
  • District officials believe the hackers are from overseas
Read More

 
The City University of New York Website

Breach Type - Hack/Cryptomining

WCCFTECH

  • Cryptojackers abuse "browsealoud" plugin to mine Monero from unsuspecting web-users
  • Over 4,200 webpages globally, affected by scheme
  • The City University of New York, Lehman College, and La Guardia Community College websites were all used by hackers to generate cryptocurrency
Read More

 
Cornell University

Breach Type - Phishing

Cornell Sun

  • Cornell University one of many servers affected by a Google Docs phishing scheme
  • Users affected had to immediately change passwords
  • Some contact data potentially exposed
Read More

 
Rhinebeck School District

Breach Type - Ransomware

Daily Freeman

  • Ransomware infects Rhinebeck School District through malicious email
  • Hackers demanded a $500 ransom to decrypt the servers
  • The district's IT traced the malware for 9 hours
  • Restored system using off-site backups
  • No data lost
Read More

 
Hudson City School District

Breach Type - Phishing

Data Breaches

  • Hudson City School District employee fell victim to phishing scheme
  • Hackers may have accessed social security numbers of all district staff
  • The attack mimicked the phishing scam which affected Lawrence Schools in Massachusetts
Read More

 
BACK TO TOP