Why did county know about Modesto’s IT meltdown days before city informed public?
Stanislaus County was notified of a “possible cyber incident” on Modesto’s computer network on Feb. 3, five days before the city publicly acknowledged a problem.
Multiple sources with direct knowledge of the situation told The Bee last week the Police Department had been the target of ransomware, a type of malicious software, or malware, that hackers use to infect and hobble a computer or computer network until a ransom is paid or other demands are met.
City officials first acknowledged that there had been suspicious activity on its digital network only after The Bee inquired about the matter on Feb. 8. It still has not confirmed that the breach was a ransomware attack. The Bee reported Feb. 9 that ransomware had hobbled the Police Department’s computer network.
City officials also declined to comment Wednesday when asked about the county learning about the incident Feb. 3 and declined to provide more information beyond the statement it issued Feb. 8. “We have nothing more to add at this time,” spokesman Andrew Gonzales said in a text.
As part of its followup reporting, The Bee contacted government agencies that work with the city regarding this incident.
Stanislaus County spokeswoman Sonya Severo issued this statement Wednesday: “The County was informed on February 3, 2023, of a possible cyber incident impacting the City of Modesto’s information technology network. The County temporarily blocked network connections and email from the City of Modesto on February 3, 2023, in order to examine County systems for any potential exposures.”
The statement said “network access and email connectivity were reinstated” Monday for all city departments except for the Police Department. “We remain in communication with Modesto’s IT leadership to evaluate any system vulnerabilities prior to reconnecting with MPD’s network.”
The statement said all county departments including Stanislaus Regional 911 have used backup procedures “to ensure continuity of all County operations.”
When asked for more information, including whether it was the city that informed the county about the potential “cyber incident,” Severo said the county would have no further comment because this is an evolving situation.
Last week’s statement said Modesto is conducting an investigation with leading cybersecurity experts after it “recently detected suspicious activity on (its) digital network.”
The statement said the incident had not affected the city’s ability to deliver services.
Modesto is “experiencing limited connectivity to some systems. Our ability to facilitate city services including emergency service and answer 911 calls is fully operational. We thank our residents for their patience and understanding,” according to the statement.
Modesto said in its statement that it “strategically disconnected portions of (its) network out of an abundance of caution.”
The Bee interviewed four sources last week who spoke on condition of anonymity because of the sensitivity of the matter.
While the extent of the damage was not fully known, the newspaper reported the cybersecurity breach had disabled patrol vehicle laptops, causing officers to resort to “old-school policing.” Since the attack, officers must write down the details of the calls they receive from dispatch rather than receiving them through electronic communication.
One of the sources said Modesto officers could be heard on police scanners telling dispatch when they were transporting suspects to jail or asking for their next call after completing their current one. Before the attack, these communications had been done by computer.
A Modesto City Schools spokeswoman said in a Wednesday email that the district learned about the incident Feb. 9. She did not provide an answer when asked whether the city informed the school district.
“The Modesto Police Department has very limited access to our system,” spokeswoman Linda Mumma Solorio said in an email. “It’s read-only information, however out of an abundance of caution, the district temporarily disabled access until further notice.
“The district is in ongoing communication with MPD and will enable access to our system once the integrity of their network is restored.”
Modesto Irrigation District spokeswoman Melissa Williams said in email that the district’s and the city’s IT systems are not interconnected so the city’s issues are not affecting MID. “Our IT systems are fully operational,” Williams wrote.
This story was originally published February 16, 2023 at 11:42 AM.
