Keichova Kathesing ‘Rogers te, Mier Michael, Subject: PW: Masia Resporse/Shenf's IT Date: Wednesday, May 3, 2023 9:41:17 AM Attachments: imeaoOL.ona_ FYI rom: Wer, ove 0) Date: Tuesday, May 2, 2023 at 2:00 PM To: 0S - All Supervisors iA AMMEEE). 20S Chiefs of Staff Ce: Hermandez, Leonard - CA0' ASIP RRSEME >, "Wiliams, Pamela" Subject: Media Response/Sheriff's IT Board Members, Brian Rokos with the Southern California News Group last night asked the County if a ransom had been demanded, ifso, how much, and whether the County intends to pay. He had been referred to us by Sheriff Dicus. In response, | wil provide him withthe response be, aaa This will be the first official confirmation to the news media that this has been a ransomware incident. The network disruption within the Sheriff's Department was the result of ransomware that infected portions of the department's information technology system. The County had prepared for the possibility of such an incident by securing appropriate insurance coverage. After negotiating with the responsible party, the insurance carrier and the County agreed to2 payment to restore the system's full functionality and secure any data involved in the breach Insurance covers most of the payment. The County's share is $511,852. The decision whether to render payment was the subject of careful consideration, On balance, and consistent with how other agencies have handled these types of situations, this was determined to be the responsible course. As part of its ongoing criminal investigation, the Sheriff's Department is conducting a forensic examination to achieve a full understanding of the incident, the findings of which will benefit all public agencies looking to avoid a similar occurrence. At no time did this incident compromise public safety or the Sheriff's Department's ability to carryoutits duties, No other systems within the County organization have been affected Additional information on this matter cannot be disclosed at this time in light of the ongoing criminal investigation. Please let me know if you have any questions. Thankyou, Davie David Wert Pablic iMormation Officer Sor Berard on cou, Caloris Pho 0 Fh Floor Son Fernainn CASDAIE O20 TAN BERNARDINO COUNTY ur job fs 10 create @ county in which those who reside and invest can prosper and achiove well-boing. sonny SB County cov oOneEoaFrom: oideva, Katherine To: agers. ete os Milt. chaeCastansa, Andrea Subject: FW: Sherif edi Inquies- Cyber tack Date: enday, Ap 1, 2023 9:34:55 a8) Attachments; Dacumeatl docs FY From: "Hernandez, Leonard - CAO" See eae Date: Saturday, April 8, 2023 at 9:03 AM “armendarez, Jesse" EET ISRGEIER-."Heeman, curt" oc I > 505 ce ost mn Ce: "Rundles, Diane - HR" iE >, "Oicus, Shannor RE "50082, cher I >, "Wiliams, pamela" a SS 2. 2c 50) LA, “Corciova, sake” ee "Tordesilas, Victor" eR RERAeunton, Tor” IL Subject: Sheriff Media Inquiries - Cyber Attack Board Members, The special team working with the Sheriff and County have come up with the following talking points and statements that we plan to use. KTLA is already reaching out to the Sheriff's team. They will take the lead in responding and we will support them as needed. We are limited in what we can/should say at this point. Thank you. Leonard Hernandez San Bernardino County Forwarded message from: Runde: ane 1 Date: Apr 8, 2023 8:36 AM Subject: Media Inquiries Jo: Wert, David (CAO) EE “cuencn-Hurted, Mert: Good Morning, David and Martha,Please see attached talking points for media. We are already getting inquiries. Please let me know if you approve. Not sure if Sheriff is reaching out to you with what inquiries we are getting a request for information from KTLA News Regards, Diane M. Ru u Executive Of ° mz a (Our job ts to erent a county in which those who reside and invest can prosper and achieve well-being.EXTERNAL STATEMENT We understand you may receive inquiries from citizens, other agencies, the media, and other individuals and outside parties about the recent data incident in our department. In such instanees, please use the language outlined below: “On April 7, 2023, the San Bernardino County Sheriff's Department recently became aware of a network disruption that affected a limited number of our systems. Upon discovering this incident, the County immediately secured the network and hegan working with our IT staff and third-party forensic specialists to investigate the incident. The County has referred the incident to partnering law enforcement agencies, including the Federal Bureau of Investigations and Department of Homeland Security. The investigation into this matter is ongoing, and therefore, we will be unable to provide further details at this time. The incident has not impacted law enforcement operations, and San Bernardino County Sheriff's Department is readily available to provide services and respond to calls." * On April 7, 2023, the San Bernardino County Sheriff’s Department became aware of a network intrusion that affected a limited number of our systems, * Cybersecurity is among our top priorities, and we take the privacy and security of our data seriously, «The incident has not impacted law enforcement operations, and the San Bemardino County Sheriff's Department is readily available to provide services and respond to calls. * The investigation into this matter is ongoing so the County’s ability to comment on specifies are limited, but the County will update the community when new information becomes available,‘ec David (CAO) (BOG Al Sunersnes; BOS Chink of Staff Hemandestecnand CAO; Willams, Pamela; Guzman-Hutado, Maca Subject: RE: Media Response/Shesffs IT Date: Friday, May §, 2023 3:06:59 PH Attachments: imagsL.pna. Board Members, FYE: We have received inquiries on the Sheriffs IT matter from 12 news media organizations today so far. All have been provided with the agreed-upon statement as well as confirmation that the total sum paid was $1.1 million. The organizations from whom we have heard are: ABC News (national), ABC7, NBC4, CBS2/KCAL, FOX11, KTLA, Spectrum 1, The Los Angeles Times, ‘The Mountain News, The Big Bear Grizzly, The Epoch Times, and The San Bernardino County Sentinel. Please let me know if you have any questions, Thank you, David From: Wert, David (CAO) Sent: Thursday, May 04, 2023 6:04 PM To: 80S All Supervisors ; Williams, Pamela Board Members, The Southern California News Group today responded to the statement we provided to them on. Tuesday regarding the Sheriff's IT matter. They requested the full amount paid as well as the County's portion, and we disclosed the full$1.1 million figure. Their story will ikely appear online and be sent out as an email news alert sometime this evening, Please let me know if you have any questions. Thank you, David From: Wert, David (CAO) Sent: Tuesday, May 02, 2023 2:00 PM To: 80S- All Supervisc's ANAM £05 chiets of staffCe: Hernandez, Leonard - CAO ESSER: wiliars, Pamela Subject: Media Response/Sheriff's IT Board Members, Brian Rokos with the Southern California News Group last night asked the County ifa ransom had. been demanded, ifso, how much, and whether the County intends to pay. He had been referred to us by Sheriff Dicus In response, I ill provide him with the response bel, aaa This will be the first official confirmation to the news media that this has been a ransomware incident. The network disruption within the Sheriff's Department was the result of ransomware that infected portions of the department's information technology system. ‘The County had prepared for the possibility of such an incident by securing appropriate insurance coverage. After negotiating with the responsible party, the insurance carrier and the County agreed toa payment to restore the system's full functionality and secure any data involved in the breach. Insurance covers most of the payment. The County's share is $511,852. ‘The decision whether to render payment was the subject of careful consideration. On balance, and consistent with haw other agencies have handled these types of situations, this was determined to be the responsible course, ‘As part of its ongoing criminal investigation, the Sherif’s Department is conducting a forensic examination to achieve a full understanding of the incident, the findings of which will benefit all public agencies looking to avoid a similar occurrence. At no time did this incident compromise public safety or the Sheriff's Department's ability to carry cout its duties. No other systems within the County organization have been affected Additional information on this matter cannot be disclosed at this time in light of the ongoing criminal investigation. Please let me know if you have any questions. Thank you, DavidDavid Were Public Information Officer Sen Bemrdine County, Caos Prone SBN Ben Foe Sen Boridine CAS2AIS0129 SAN BERNARDINO COUNTY (Our job is to create a county in whieh those who resicle and invest can prosper and achieve well-being.