Cyber Incident Victim: Hernando County
Date:
Apr 2024
Location:
United States of America
Summary
A cyberattack disrupted Hernando County's IT network, prompting an immediate response from the Clerk Information Technology Incident Response Team alongside third-party specialists to investigate and restore services. Critical public safety operations, including 911, Sheriff, Fire Rescue, and EMS, remained functional, while numerous other services experienced partial outages or delays. Impacts included email communication disruptions, limited payment processing (cash/checks only), suspended online systems like the Property Appraiser's website, delayed permit reviews, rebate processing, and development plan assessments, as well as temporary closures or reduced operations at certain offices. Solid waste collection, utilities, parks, libraries, and animal services continued with minimal interruptions, though some departments reported manual workarounds for transactions and service requests.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 1, 2024, Hernando County Government experienced a county-wide IT network interruption described as a cyberattack, prompting immediate activation of its Incident Response Team (IRT). The Hernando County Clerk IRT collaborated with third-party computer specialists to investigate the incident's nature and scope while working to restore network functionality. Critical public safety services—including 911 dispatch, Sheriff’s Office operations, Fire Rescue, and EMS—remained fully operational throughout the disruption. Email communications with county staff faced delays, and multiple departments implemented manual workarounds to maintain partial operations. The county confirmed no data compromise specifics but acknowledged ongoing efforts to minimize service interruptions, with restoration timelines undisclosed due to the active investigation.
The cyberattack disrupted non-emergency services across multiple county divisions, requiring operational adjustments. Administrative functions like Economic Development, Tourism, and Human Resources continued operating, though the Airport & Technology Center limited lease payments to cash and checks. Development Services accepted paper permit applications but halted plan reviews and zoning assessments. Public Works maintained residential inspections and trash collection but couldn’t process development-related reviews. Utilities Department facilities operated normally but suspended credit card payments and delayed commercial development reviews. The Property Appraiser’s website remained offline, forcing limited in-person services starting April 8, while the Tax Collector reported Concealed Weapons License processing delays. Library services, parks, animal shelters, and mosquito control operated without interruption, though the Emergency Management’s special needs registry was temporarily unavailable. The IRT continued system restoration without disclosing attack vectors or attribution, advising residents to contact offices directly for service status updates.