The City of Hamilton is facing a significant financial burden of over $18 million following a ransomware attack that struck its systems. This hefty sum will be paid by the city itself after its insurance provider denied a claim for reimbursement. The insurer’s decision, which has been upheld by a third-party review, was directly tied to the city’s failure to fully implement multi-factor authentication (MFA) for its online services. This lack of a critical security measure at the time of the February cyberattack was deemed a violation of the terms of their policy, leaving the municipality to bear the full financial weight of the recovery.
The financial fallout from the cyberattack is extensive, with a total cost of $18.3 million reported so far. The city’s staff report breaks down these expenses, revealing that the majority of the funds—over $14 million—have been allocated to external cybersecurity experts brought in to assist with the recovery. An additional $1 million each has been directed toward new infrastructure, staffing, and other related costs, highlighting the comprehensive nature of the rebuilding process. The city’s leadership, including Mayor Andrea Horwath, has acknowledged the frustration of Hamiltonians, stating that the incident underscores a failure to meet the expected standards of strong, secure, and dependable public systems.
The ransomware attack itself was a serious breach that crippled nearly 80 percent of the city’s network. The attackers demanded a ransom of approximately $18.5 million for a decryption tool. However, the city made the strategic decision not to pay the ransom, a move supported by third-party experts and law enforcement. City Manager Marnie Cluckie explained that paying the ransom would have increased “risk and financial exposure” and was not in the best interest of the city’s residents. This decision, she noted, aligns with industry best practices for handling such incidents, prioritizing a responsible and secure rebuilding of the IT infrastructure.
Despite the widespread disruption, the city has reported some positive news. According to the city’s statement, no personal or health data was compromised or accessed during the breach. Furthermore, most of the affected systems have been successfully recovered or rebuilt, demonstrating significant progress in the restoration effort. This rebuilding phase is also being used as an opportunity to strengthen cybersecurity and improve services for the future.
However, the recovery has not been without its challenges. The city has confirmed that a limited number of critical services were unrecoverable and are being rebuilt from scratch. These include the finance business management application suite, various development and permit applications, fire department records management, and public health inspection applications, among others. The impact on these systems means that some essential municipal services have faced prolonged disruption. The incident serves as a stark reminder of the financial and operational consequences that can arise from inadequate cybersecurity measures and the critical importance of adhering to insurance policy requirements.
Reference:
