
City of Hamilton Cybersecurity Incident Response Update
Release of Cybersecurity Incident Impact Update Report

Hamilton, ON – The City of Hamilton presented a public Cybersecurity Incident Impact
Update Report (CM24004) at today’s General Issues Committee Meeting. The report
provides an operational and cost update related to the City’s cyber incident, which it
identified on February 25, 2024, and quickly contained. To view the full update report,
please click on the following link: General Issues Committee – June 19, 2024
(escribemeetings.com)


“I am appreciative of our City staff for their dedication as we work to restore services
in a manner that is safe to do so. Full recovery from this criminal cyber-attack will
continue to take some time and involves continued costs. However, as we bring back
systems, applications and services, the City has an opportunity to transform
technology and cybersecurity to better support residents and businesses and better
protect us against future incidents,” said Mayor Andrea Horwath. “The City of
Hamilton remains committed to transparency. This public report shares information
related to the criminal cyber incident and outlines the progress we are making in
recovery and rebuilding, emphasizing the community-centered approach we are
taking to emerge stronger.


“I recognize the difficulties this situation continues to create and the frustrations it has
caused. I want to assure Hamiltonians that I understand the inconvenience folks are
dealing with and sincerely thank everyone for their continued patience and
understanding. City staff are doing their very best to rebuild as quickly and
responsibly as possible but the reality is, even though they continue to work around
the clock, the rebuild and full recovery will take some time.”


A continued customer-centric approach


The City has been taking a thoughtful and intentional approach to its response, focused
on best meeting the needs of its communities and staff. Despite the incident, the City
has continued to deliver its critical programs and services.

With the incident contained and the delivery of essential core programs ongoing, the
City is now largely focused on recovery, restoration, and rebuilding/transformation.

Recovery: Prioritize, rationalize and prepare systems to be restored.

Restore: Return systems to their pre-incident state.

Rebuild/Transform: Upgrade, replace and enhance systems to be more resilient
and improve customer service.


Throughout these phases, the City continues to prioritize critical systems, service
continuity, and meeting the needs of the community. In some instances, the City is
relying on short-to-mid-term mitigation solutions to limit service disruptions, including
manual processes and interim or new technology solutions. The City will continue to
make applications and associated services available as it is safe and secure to do so.


The cybersecurity incident significantly affected the City’s complex technology
infrastructure, which includes 228 unique applications that support approximately 8,000
full-time City employees, nearly 600,000 residents, and upwards of 7,000 business
partners.


Building back better and stronger

Third-party expert and internal assessments indicate that most of the City’s applications
can be recovered, restored, and rebuilt. To date, the City has restored 45 per cent of its
total applications. Of the 48 applications the City identified as critical, 60 per cent have
been restored. However, there are currently a small number of City applications that are
unrecoverable, meaning the database or application cannot be re-established.
Mitigation strategies are in place for affected applications. The City is minimizing service
impacts by implementing temporary manual processes or alternative technology
solutions.

As the City continues to bring back applications, it is identifying opportunities to improve
and strengthen systems and infrastructure, and protect against future cyber incidents.
Staff are assessing each application to determine whether it should be brought back to
its pre-incident state, upgraded, or replaced to accelerate a transition to the City’s
desired future state.

Costs incurred

Following City policy and procedures, including its Procurement Policy, the City incurred
incident-related costs of approximately $5.7 million as of May 28, 2024. These costs
were predominantly related to immediate and critical infrastructure, third-party support,
and cybersecurity enhancements.

Next steps


Supported by third-party experts, the City is analyzing its unrecoverable and end-of-life
applications and identifying opportunities to transform work processes and innovate
service delivery. Staff will outline these opportunities in future reports, along with
expected cost implications, funding strategies, and timelines.


The City is committed to continuing to modernize and strengthen City services while
managing the impact on future tax levy and rate budgets. The City plans to leverage
previously approved funding for technology and security-related projects, consider
appropriate reserves, and reprioritize capital projects where possible.


“This is a large-scale effort to build back stronger than ever, which means leading with a
focus on the user experience, protecting against future incidents, and approaching
everything through a lens of resilience. We are making regular progress in restoring and
rebuilding our systems, and I am confident we are on the right track.


“We are extremely grateful for the hard work of our staff and the support of our
community. The City remains committed to resolving the situation and achieving a state
superior to that before the incident,” said Marnie Cluckie, City Manager.

For the latest information and answers to frequently asked questions, visit
hamilton.ca/cyberincident.

ADDITIONAL RESOURCES:

  • Cybersecurity Incident Impact Update (CM24004) (City Wide) | June 19, 2024
    General Issues Committee Report
  • hamilton.ca/cyberincident