IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Ada County, Idaho, Takes Dispatch Offline Amid Cyber Concerns

The Ada County Sheriff’s Office spotted “unusual activity” and “proactively” deactivated computer-aided dispatch. Officials are working with third-party cybersecurity and data forensics consultants to investigate.

911 emergency dispatcher
Shutterstock
(TNS) — The Ada County Sheriff’s Office announced Monday that it “proactively” took its Computer Aided Dispatch system offline because of security concerns.

While 911 services continue for the Boise area, dispatchers are working using “backup systems and processes,” and are still taking and recording calls, allowing emergency services to respond as needed, according to a news release.

But questions remain about what this will mean for Ada County and the wealth of information that was in the system.

The Sheriff’s Office said it detected “unusual activity” in its emergency communications system late Saturday evening and decided to take the system offline “in an abundance of caution.”

“As soon as we learned this, we began investigating and determining the effects of the incident,” the Sheriff’s Office said in the release. “We also are working with nationally recognized third-party cybersecurity and data forensics consultants to assist us.”

The Sheriff’s Office declined to provide the Idaho Statesman with a description of the unusual activity or the names of those consultants.

Lauren Montague, public information officer, told the Statesman that the CAD system inputs calls for service, prioritizes calls, determines the location and availability of first responders in the field, and dispatches the appropriate public safety resources.

CAD reports previously obtained by the Statesman for stories showed that some documents included information on 911 callers’ identities, their Social Security numbers and response addresses.

The Statesman sent officials a list of questions about the incident, including the nature of the possible security breach, what law enforcement data might have been exposed, whether citizen information could have been compromised and what security measures were in place at the time.

The Sheriff’s Office said it was unable to answer most of them at this time.

“Much like an active investigation, our teams are still investigating and resolving these issues,” Montague said by email. “That’s the downside of being proactive with sharing information, unfortunately. We will put out more information as soon as we can.”

Montague said there is no timeline for when the system will be restored.

“What I have learned from this incident is that our IT team and security consultants are methodical and thorough — they are working around the clock to investigate, secure and restore our systems in the safest way possible,” she said.

PulsePoint, an app that provides information on emergency response information to citizens using the dispatch system, stopped working in Ada County after the system went offline.

The Ada County Jail website normally lists arrests, but that part of the site was not working Tuesday afternoon as well.

It’s not yet known precisely what happened with the Ada County system, but a similar incident occurred in Bucks County, Pennsylvania, in January. That turned out to be the work of the hacking group Akira, known for using ransomware, a type of malicious software that prevents users from accessing their computer files, systems or networks, and demands a paid ransom for their return, according to the FBI.

Cybersecurity and Infrastructure Security Agency, a federal government group, issued a warning about the group in April, saying Akira ransomware “has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia” since March 2023.

The Sheriff’s Office declined to say whether hackers were involved in the Ada County security concern.

While Bucks County officials decided not to pay a ransom, the incident still ended up being costly for the community. Bucks County commissioners paid a cybersecurity company $375,000 to work on its system after the attack and spent another $197,925 to purchase cybersecurity software, the Bucks County Courier Times reported. Commissioners also authorized ongoing payments of $1,000 per hour plus expenses to a law firm for legal expenses related to the incident.

The city of Baltimore’s emergency dispatch system also faced hacking issues in 2018.

Cyber attacks on government entities have risen in recent years. A study from the Center for Internet Security, a nonprofit focused on online security, found that malware attacks on government organizations increased by 148% between 2022 and 2023, with those numbers continuing to climb in 2024.

©2024 The Idaho Statesman, Distributed by Tribune Content Agency, LLC.