Hamilton, ON – The City of Hamilton presented a public Cybersecurity Incident Impact Update Report (CM24004) at today’s General Issues Committee Meeting. The report provides an operational and cost update related to the City’s cyber incident, which it identified on February 25, 2024, and quickly contained. To view the full update report, please click on the following link: General Issues Committee – June 19, 2024 (escribemeetings.com)
“I am appreciative of our City staff for their dedication as we work to restore services in a manner that is safe to do so. Full recovery from this criminal cyber-attack will continue to take some time and involves continued costs. However, as we bring back systems, applications and services, the City has an opportunity to transform technology and cybersecurity to better support residents and businesses and better protect us against future incidents,” said Mayor Andrea Horwath. “The City of Hamilton remains committed to transparency. This public report shares information related to the criminal cyber incident and outlines the progress we are making in recovery and rebuilding, emphasizing the community-centered approach we are taking to emerge stronger.
I recognize the difficulties this situation continues to create and the frustrations it has caused. I want to assure Hamiltonians that I understand the inconvenience folks are dealing with and sincerely thank everyone for their continued patience and understanding. City staff are doing their very best to rebuild as quickly and responsibly as possible but the reality is, even though they continue to work around the clock, the rebuild and full recovery will take some time.”A continued customer-centric approach
The City has been taking a thoughtful and intentional approach to its response, focused on best meeting the needs of its communities and staff. Despite the incident, the City has continued to deliver its critical programs and services.
With the incident contained and the delivery of essential core programs ongoing, the City is now largely focused on recovery, restoration, and rebuilding/ transformation.
- Recovery: Prioritize, rationalize and prepare systems to be restored.
- Restore: Return systems to their pre-incident state.
- Rebuild/Transform: Upgrade, replace and enhance systems to be more resilient and improve customer service.
Throughout these phases, the City is continues to prioritize critical systems, service continuity, and meeting the needs of the community. In some instances, the City is relying on short-to-mid-term mitigation solutions to limit service disruptions, including manual processes and interim or new technology solutions. The City will continue to make applications and associated services available as it is safe and secure to do so.
Building back better and stronger
The cybersecurity incident significantly affected the City’s complex technology infrastructure, which includes 228 unique applications that support approximately 8,000 full time city employees, nearly 600,000 residents, and upwards of 7,000 business partners.
Third-party expert and internal assessments indicate that most of the City’s applications can be recovered, restored, and rebuilt. To date, the City has restored 45 per cent of its total applications. Of the 48 applications the City identified as critical, 60 per cent have been restored. However, there are currently a small number of City applications that are unrecoverable, meaning the database or application cannot be re-established. Mitigation strategies are in place for affected applications. The City is minimizing service impacts by implementing temporary manual processes or alternative technology solutions.
As the City continues to bring back applications, it is identifying opportunities to improve and strengthen systems and infrastructure, and protect against future cyber incidents. Staff are assessing each application to determine whether it should be brought back to its pre-incident state, upgraded, or replaced to accelerate a transition to the City’s desired future state.
Costs incurred
Following City policy and procedures, including its Procurement Policy, the City incurred incident-related costs of approximately $5.7 million as of May 28, 2024. These costs were predominantly related to immediate and critical infrastructure, third-party support, and cybersecurity enhancements.
Next steps
Supported by third-party experts, the City is analyzing its unrecoverable and end-of-life applications and identifying opportunities to transform work processes and innovate service delivery. Staff will outline these opportunities in future reports, along with expected cost implications, funding strategies, and timelines.
The City is committed to continuing to modernize and strengthen City services while managing the impact on future tax levy and rate budgets. The City plans to leverage previously approved funding for technology and security-related projects, consider appropriate reserves, and reprioritize capital projects where possible.
“This is a large-scale effort to build back stronger than ever, which means leading with a focus on the user experience, protecting against future incidents, and approaching everything through a lens of resilience. We are making regular progress in restoring and rebuilding our systems, and I am confident we are on the right track.
We are extremely grateful for the hard work of our staff and the support of our community. The City remains committed to resolving the situation and achieving a state superior to that before the incident.” said Marnie Cluckie, City Manager.
For the latest information and answers to frequently asked questions, visit hamilton.ca/cyberincident.
ADDITIONAL RESOURCES: