"We just found ourselves in a position of vulnerability that was uncomfortable and I think we really need to beef up our efforts," Walker said. "We have underinvested for quite some time in our network.'
The next day, Walker's forecast proved prescient when city staff learned of what Walker termed a "data incident."
At council's most recent meeting last week, Walker disclosed the incident that led to city computers being shutdown to external access for several days.
Staff implemented an immediate shutdown of the city's computer network on Oct. 8, one day after council unanimously approved a contract with Hagan Business Machines of Meadville Inc. to replace Coppola Enterprises Inc. as the city's information technology consultant, Walker told council last week.
"We had to shut down our server and our network and our email to the outside world," he said. "The general public wasn't impacted. There were no safety concerns — radio and telephone communications were operable."
City staff were unable to access email for three or four days during the shutdown, according to Walker.
The incident involved "suspicious traffic data leaving our server," Walker said.
Further investigation revealed that no city data had been compromised and the incident did not qualify as a "data breach" involving the capture of personal information, nor was the city required to notify any individuals or agencies regarding the incident.
Council then unanimously ratified payment of $12,800 for Hagan's response to the incident as well as an additional monthly services agreement for $1,410. These amounts are in addition to the contract with Hagan approved in October, which included a start-up fee of $3,190 and a monthly services amount of $3,495.
The additional expenses came to light the same evening council approved a 1-mill tax hike by a vote of 3-2. The increase is expected to produce nearly $143,000 in additional annual revenue for the city.
Some of the recent headlines involving cyberintrusions that Walker referred to have involve notable Crawford County organizations.
Meadville Medical Center notified employees in January of a data security incident involving unauthorized access to the hospital's human resources and payroll data, according to an email to employees obtained by the Tribune.
In April PENNCREST School District announced that a ransomware intrusion discovered two months earlier had been resolved with no exposure of personal data, according to a district official. Unlocking the data that had been encrypted cost the district $10,000 — the amount of the deductible on its cyberinsurance policy, according to the official. The district's insurance company paid out nearly $75,000, including costs for investigations into the attack.
©2020 The Meadville Tribune, Distributed by Tribune Content Agency, LLC.