In local and state courts across the nation, cyberattacks have emerged as a growing issue that can disrupt court operations and make sensitive information vulnerable.
New York’s courts are no exception in terms of risk. While New York’s court system has not been severely targeted like other states that have suffered crippling attacks from hackers, the state’s government institutions have consistently been the target of cyberattacks in recent years, leading Gov. Kathy Hochul to take increasing security measures.
Watchdog groups have recently highlighted the issue for state court systems in order to encourage states to take a proactive role toward bolstering policy and IT planning efforts.
While New York courts have not been subject to a major cyberattack, New York Comptroller Thomas DiNapoli released a 2023 report based on FBI data that cyberattack complaints jumped across the state 53% between 2016 and 2022. For those targeting critical infrastructure in New York state, the number nearly doubled to 83 in the first half of 2023 compared to 48 for all of 2022. Government facilities like local courts are in the top three categories of infrastructure targeted, although none have been severely affected to date.
The personal data of individuals who are part of the court system is most at risk. The National Center for State Courts took a survey in 2022 of state courts around the country and found that the personal data that courts manage can be particularly vulnerable targets for hackers. Its recommendation for courts: get in front of the problem and work with tech professionals and industry experts to protect against such cyberattacks.
In instances where states have been attacked, it’s primarily for data theft. However, many systems are also targeted with ransomware—malicious software designed to block access to government systems. The attackers encrypt the files and demand a ransom for the decryption key.
“Data breaches at companies and institutions that collect large amounts of personal information expose New Yorkers to potential invasions of privacy, identity theft and fraud,” wrote DiNapoli in his report on New York state. “Also troubling is the rise in ransomware attacks that can shut down systems we rely on for water, power, health care and other necessities.”
In New York, there were seven government facility cyberattacks in 2022. Those included a 2022 ransomware attack on Suffolk County that disabled computer systems like the 911 dispatch center and Department of Motor Vehicles for months. In other years there have been attacks on school districts that crippled email and payroll and data breaches in healthcare systems.
Disrupting a court system potentially means stopping the delivery of essential government services. Delays can raise public safety risks if police and prosecutors can’t access a suspect’s criminal history and judges have to delay protection orders.
While not the result of a cyberattack, New York’s court system was affected by a faulty software update from CrowdStrike over the summer, which caused rolling crashes from the government agencies that use its programs for security. Though New York court employees had trouble accessing their computer systems, it reportedly did not result in any major disruptions to court operations.
The state is taking steps to confront cybersecurity threats. In 2023, Hochul unveiled the first-ever statewide cybersecurity strategy, backed by a $90 million investment in the budget, which included $30 million specifically allocated to help local governments bolster their defenses against cyber threats.
The New York Court system has made changes of its own. In 2023, it updated the requirements of the continuing legal education program to include an hour of cybersecurity training for all New York lawyers as part of renewing their law license.
