Suffolk County Executive Steve Bellone (D) and county officials announced Friday, Feb. 17, that Suffolk has made progress restoring cybersecurity.
The announcement comes after county websites, servers and networks have been offline since September last year — the results of cyberattacks that first struck at the end of 2021. The county’s main website was restored online Friday, with more services coming online this week.
Bellone thanked everyone involved, including county IT professionals and County Clerk Vincent Puleo (R), who entered office earlier this year.
“His leadership and his partnership in the brief time that he’s been on the job has allowed us to make incredible progress, and he’s responsible for the announcement that we have today,” Bellone said.
The county executive reviewed key findings from a forensic investigation of the cyberattack that began in the County Clerk’s Office in December of 2021. According to Bellone, hackers were able to enter the clerk office’s system, and for eight months were able to operate before securing additional credentials to migrate into the general county system.
Bellone added that an IT director in the clerk’s office had been placed on administrative leave after, the county executive said, the director obstructed efforts, resulting in countless delays to restore security.
Bellone said every county office was deemed clean by Oct. 17, except for the County Clerk’s Office, and the expense of the security breach has been “extremely costly to taxpayers of this county.”
Despite hackers demanding $2.5 million from the county, Suffolk refused to pay the ransom.
Bellone said the county had replaced the County Clerk Office’s firewall with the most updated protection.
“The clerk’s office has been deemed clean, and we are able to start to restore online services beginning with the county website,” he said.
The county executive said he knows now the segregated IT environment within the various county offices was a mistake. He added it was fair to criticize him.
“I should have more quickly implemented the recommendations in the 2019 cybersecurity assessment, which I commissioned, to hire an additional executive level leader focused on cybersecurity,” Bellone said.
Puleo said the county’s IT department’s dedication has been unwavering during the process.
“Going forward, we will do everything we can in the clerk’s office to cooperate and get things where they belong and keep the protection so that the whole county IT is protected from future attacks,” the county clerk said.