New York Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
New York.jpg
 

Public Safety

Schenectady County Government, Office of Sheriff, & Correctional Facility, Schenectady County

Breach Type - Malware

News 10
December 13th, 2018
  • Schenectady County officials detected a virus in the computer network
  • County website and email system temporarily shut down
  • No evidence of data breach due to virus
  • 911 Central Dispatch Center unaffected
Read More
Times Union
December 13th, 2018
  • Network systems hacked and rendered offline
  • Jail & Courthouse affected
  • Malware quickly detected
  • As a result, emails and website systems shut down
Read More
Gov Tech
December 20th, 2018
  • Sheriff's office computer systems compromised by malware
  • Hackers suspected to be part of crime syndicate
  • Malware moved laterally across systems targeting data
Read More

 
Schuyler County Sheriff’s Department

Breach Type - Hack

Lockport Journal
September 7th, 2017
  • Direct attack from foreign country on Schuyler County
  • Hackers attempted multiple passwords to get online
Read More
WENY News
September 11th, 2017
  • No data was compromised/breached
  • Schuyler county was up to date with anti-virus & anti-malware
  • This specific attack was more advanced than the security they had set up
Read More

 
BACK TO TOP

Local Government

Onandaga County Public Library Systems

Breach Type – Unknown, Other

Syracuse
July 13th, 2019
  • Public library announced via social media that online systems were down and expected not to be online until after the weekend
  • All branches impacted and online catalog and accounts were not available – some phone systems were also impacted
  • Unclear if this outage is connected with the Syracuse City School District ransomware attack
Read More

 
Broome County Government Systems, Broome County

Breach Type - Phishing, Data Breach

Press Connects
May 31st, 2019
  • Broome County victim of cyber attack, suspect likely accessed personal information of county employees
  • County officials discovered the breach after employee's direct deposit information was changed
  • Officials advised that they added multi-factor authentication and additional employee training
Read More

 
City of Albany, Albany County

Breach Type - Unknown, Ransomware

Times Union
March 30th, 2019
  • The city had fallen victim to a ransomware attack and it was announced publicly
  • The full extent of the attack was not immediately revealed
  • It is still being examined and information will be released to the public as it is found
Read More
Times Union
March 31st, 2019
  • The Albany Police Officers Union was affected by this attack
  • Many city services were taken down due to the attack, the Police Union could not access internet-dependent systems
  • Limited access affected the patrols and their operations, the department was still manned properly
Read More

 
U.S. Congressman (Peter King) Campaign Website, Long Island, Kings County, Queens County

Breach Type - Other

wshu Public Radio
October 9th, 2018
  • Campaign website for U.S. Congressman, Peter King, targeted by hackers
  • Cyber attackers defaced website with Turkish Propaganda
  • Malware has since been removed, unknown how the attackers infiltrated the website
Read More

 
Otsego County

Breach Type - Other, Cryptojacking

The Daily Star
October 4th, 2018
  • County government experienced significant cyber attack
  • Infiltrators exploited zero-day vulnerability in system
  • Services taken offline
  • No indication that citizen data was accessed or exposed
Read More
The Daily Star
October 10th, 2018
  • Eastern European hackers infiltrated Otsego county network
  • Used system’s computing power to mine cryptocurrency
  • Systems ran very slowly, CPU’s maxed out, several servers showed alerts of a potential virus
  • Remote desktop server in a county employee’s home was identified as the source of the breach
Read More

 
Town of Ulster, Ulster County

Breach Type - Malware

Daily Freeman
September 26th, 2018
  • Entire town system affected by virus
  • Virus infiltrated outlook accounts, sending mass mal-spam emails to town contacts
  • Town of Ulster constantly re-infected with virus resulting in a painstaking recovery
Read More

 
Town of Irondequoit, Monroe County

Breach Type - Phishing, Other

13 abc WHAM
September 11th, 2018
  • Irondequoit employee fell victim to phishing scheme
  • Email account used to send out unauthorized mass email
  • Email contains malicious PDF attachment
  • Town warning to immediately receive the malicious email should residents receive it
Read More

 
St. Lawrence County Website, St. Lawrence County

Breach Type - Hacking, Other

WW NY TV
August 21st, 2018
  • Website shut down due to hack
  • St. Lawrence county home-page defaced
  • Hackers claimed to contain private county information
  • County does not believe any private information compromised
Read More
WW NY TV
August 22nd, 2018
  • Employees instructed to reset account passwords in wake of website defacement
  • IT department conducting investigation to find source of hack
  • County website will be restored after investigation concludes
Read More

 
Town of Brookhaven

Breach Type - Hack

CBS New York
June 26th, 2017
  • Part of Islamic Union test hacks of government websites
  • Team System Dz claims responsibility
  • Brookhaven one of 76 websites impacted in this string of ISIS Propaganda
Read More

 
Rensselaer Public Library

Breach Type - Ransomware

Altamont Enterprise
June 1st, 2017
  • Hackers ask for several hundred dollars as ransom
  • Library server was slow, indicating virus had infected system
  • Wiped server clean and restored it in a week
Read More

 
Orange County

Breach Type - Hack

Data Breaches
October 21st, 2016
  • Hackers gain access to those involved with Middletown PD
  • Investigation has not proven fraudulent misuse of personal information
  • FBI notified city that its network was compromised
Read More

 
Onondaga County

Breach Type - Ransomware

Syracuse
March 14th, 2016
  • Virus originated from Russia
  • Employee recognized suspicious activity on computer and notified IT dept. immediately
  • IT staff shut computer of network before virus could spread
  • Virus was thwarted, further investigation helped identify cause and origin
Read More

 
BACK TO TOP

Medical

Adirondack Health, Franklin County

Breach Type - Hacking, Data Breach

Health IT Security
July 16th, 2019
  • 25,000 patients have been notified following an attack potentially exposing sensitive information
  • A hacker had gained access to an email account allowing them to view protected information of one email containing medical information
  • It does not seem to originate from a phishing attack and instead accessed from an outside remote attack
Read More

 
Olean Medical Group, Cattaraugus County

Breach Type - Unknown, Ransomware

Olean Times Herald
June 17th, 2019
  • It was discovered that 40,000 patients were not exposed following a hack
  • The group remains actively practicing, simply resorting to pen and paper as systems are restored
  • The attack was compared to a terrorist attack as hackers sought out an large sum in order to supposedly restore files
Read More

 
Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches
May 10th, 2019
  • There had been suspicious email activity in employee’s email accounts
  • Third party investigators assisted investigations finding that the accounts had been accessed
  • Some sensitive patient information had been exposed due to the compromised email accounts
Read More

 
DePaul’s Behavioral Health Program, Erie County

Breach Type - Phishing, Data Breach

Democrat and Chronicle
March 30th, 2019
  • There was a data breach found that had left some patients exposed
  • Over 40,000 emails were examined due to this phishing scam
  • There was a percentage of emails that contained sensitive patient information
Read More

 
Elizabethtown Community Hospital, Essex County

Breach Type - Phishing, Data Breach

Data Breaches
December 17th, 2018
  • Employee’s email account was remotely accessed by an unauthorized user
  • Incident did not affect the hospital’s computer networks or electronic medical records
  • Compromised account contained sensitive medical information of patients
  • Patients’ data potentially compromised
Read More

 
Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches
November 16th, 2018
  • Email accounts subject to unauthorized access for 2 months
  • Third party forensic investigators thoroughly inspected the suspicious activity
  • The accounts involved contained protected health information and financial information
Read More

 
New York Oncology Hematology, Albany County

Breach Type - Phishing, Data Breach

Times Union
November 16th, 2018
  • Health insurance records for more than 128,000 patients and workers potentially stolen by hackers
  • New York Oncology Hematology reported that staff fell victim to phishing attack
  • Cyber attack occurred in April and no evidence has surfaced that personal data was accessed or misused
Read More

 
Med Associates, Inc. - Albany Co.

Breach Type - Hack

WHEC
June 15th, 2018
  • Med Associates discovered unusual activity at workstation
  • Hackers accessed the workstation & potentially compromised PHI
  • Med Associates worked to notify patients & offered identity protection services
Read More

 
Middletown Medical, Orange County

Breach Type - Other/Vulnerability, Data Breach

Record Online
March 29th, 2018
  • Security setting in radiology interference allowed access to electronic patient information
  • Middletown Medical acted to prevent further unauthorized access
  • Notified potentially affected individuals and offered one year of identity protection services
Read More

 
Finger Lakes Health

Breach Type - Ransomware

WHEC
March 20th, 2018
  • Hackers demand ransom to decrypt files of Finger Lakes Health NY
  • No evidence of compromised patient/staff data has surfaced
  • Employees have emergency plan for cyber attacks
  • Daily tasks completed manually
Read More

 
St. Peter's Hospital

Breach Type - Hack

timesunion
March 2nd, 2018
  • Malware installed on St. Peter's servers
  • Second largest breach of NY since 2016 hits St. Peter's Hospital
  • Hackers potentially compromised medical records of 135,000 patients
Read More

 
Jones Memorial Hospital

Breach Type - Hack

WIBV
December 27th, 2017
  • Experienced unexpected downtime due to cyber attack
  • Manually entering information into patient charts
  • No patient data is believed to be compromised
Read More
SC Magazine
December 28th, 2017
  • Jones Memorial rendered a limited number of information services inoperable
  • Working with University of Rochester, Noyes Health & St. James Mercy Hospital to restore systems
Read More
EHR Intelligence
January 9th, 2018
  • Systems back online after two weeks of E.H.R. downtime
  • Evaluating and updating security measures to prevent future attacks
Read More

 
Pharmacy Innovations

Breach Type - Hack

Biz Journals
December 26th, 2017
  • Hack leads to breached data of more than 1,200 patients
  • Pharmacy Innovations was the 4th health data breach for NY in 2017
  • Case under investigation by the Office for Civil Rights
Read More

 
Kaleida Health

Breach Type - Phishing

Healthcare IT News
August 31st, 2017
  • Kaleida Health employee falls victim to phishing scheme
  • Private data of 744 individuals potentially affected
  • Kaleida offering free credit monitoring
  • As a result of multiple data breaches, Kaleida working to improve cyber security
Read More

 
Erie County Medical Center

Breach Type - Ransomware

Buffalo News
April 9th, 2017
  • Ransomware attack causes computer system disruption
  • Affected the medical center's ability to provide medical treatment
  • ECMC refused to pay ransom
  • Restoring systems with help of IT staff
Read More

 
Metropolitan Jewish Health System

Breach Type - Phishing

Data Breaches
April 5th, 2016
  • Employees falls victim to spear phishing scheme
  • Some patient data left available to hacker
  • Notified patients about the phishing scam & established a security hotline
  • Health system reinforcing dangers of phishing to staff
Read More

 
BACK TO TOP

Education

Watertown City School District, Jefferson County

Breach Type – Unknown, Malware

WWNYTV
July 29th, 2019
  • School district victim of malware attack, officials unsure of data loss
  • Superintendent stated that attacker had not yet demanded ransom
  • Watertown City School District advised to not logon to computer systems
Read More

 
Syracuse City School District, Onandaga County

Breach Type – Unknown, Ransomware

Syracuse
July 11th, 2019
  • Ransomware hit the city’s school district and caused a week-long outage
  • The attack locked the school district out from using their own systems
  • The school is getting conflicting advice from their cyber insurance company vs. the FBI on whether to pay the ransom
Read More

 
Monroe College, Bronx County

Breach Type – Unknown, Ransomware

Syracuse
July 11th, 2019
  • Monroe College based in Bronx, New York hit by ransomware attack with hackers demanding $2 million in Bitcoin
  • Campuses and facilities located in NY and FL have been impacted
  • Details of the attack have not yet been released to the public, but police are investigating
Read More

 
OCM BOCES, Onondaga Co., Cortland Co., Madison Co.

Breach Type - Other, TDoS/DDoS

Local SYR
October 4th, 2018
  • Cyber attack disrupted the OCM BOCES network causing huge problems for school districts
  • Hackers are causing denial of security attacks
  • All personal and confidential information related to students and employees has been well protected
Read More

 
The University at Buffalo, Erie County

Breach Type - Hack

The Spectrum
May 19th, 2018
  • Thousands of University at Buffalo accounts hacked
  • 28 faculty & staff accounts compromised
  • Login credentials stolen when entered into malicious website
Read More

 
OCM BOCES District

Breach Type - Hack

CNY Central
April 13th, 2018
  • Cyber-attack targets OCM BOCES district during its ELA assessment testing
  • Attack shut down network intermittently, forcing reschedule of tests
  • No data stolen thanks to security measures in place
  • Technicians working to restore & stabilize connection for continuation of testing
Read More

 
Buffalo Public Schools District

Breach Type - Hack

Buffalo News
March 24th, 2018
  • Denial of Service attack hits Buffalo Public Schools' network
  • The attack caused problems for the district for several hours
  • District officials believe the hackers are from overseas
Read More

 
The City University of New York Website

Breach Type - Hack/Cryptomining

WCCFTECH
February 12th, 2018
  • Cryptojackers abuse "browsealoud" plugin to mine Monero from unsuspecting web-users
  • Over 4,200 webpages globally, affected by scheme
  • The City University of New York, Lehman College, and La Guardia Community College websites were all used by hackers to generate cryptocurrency
Read More

 
Cornell University

Breach Type - Phishing

Cornell Sun
May 3rd, 2017
  • Cornell University one of many servers affected by a Google Docs phishing scheme
  • Users affected had to immediately change passwords
  • Some contact data potentially exposed
Read More

 
Rhinebeck School District

Breach Type - Ransomware

Daily Freeman
June 15th, 2016
  • Ransomware infects Rhinebeck School District through malicious email
  • Hackers demanded a $500 ransom to decrypt the servers
  • The district's IT traced the malware for 9 hours
  • Restored system using off-site backups
  • No data lost
Read More

 
Hudson City School District

Breach Type - Phishing

Data Breaches
January 24th, 2016
  • Hudson City School District employee fell victim to phishing scheme
  • Hackers may have accessed social security numbers of all district staff
  • The attack mimicked the phishing scam which affected Lawrence Schools in Massachusetts
Read More

 
BACK TO TOP

Cybersecurity for Public Safety

SecuLore Solutions © 2016-2019