Issue 103 - September 2020
City of La Quinta Resolves Ransomware Attack on Vendor
When a service provider for the City of La Quinta experienced a ransomware attack this August, administrators reached out to the California JPIA for support.
Senior Risk Manager Alex Mellor and Insurance Programs Manager Jim Thyden immediately assisted with identifying data that may have been compromised and connected the city with the cyber incident hotline hosted by the Authority’s new cyber liability insurance carrier, Chubb. Legal counsel then reviewed the information and provided guidance to the city.
“We worked with the California JPIA to reinstate services and mitigate any liability while the vendor resolved the technical difficulties,” said Martha Mendez, public safety manager for the City of La Quinta. “We truly appreciate Alex Mellor’s accessibility and willingness to help. He guided us through the process and ensured the city covered all risks.”
“Through enhanced resources offered by Chubb,” said Thyden, “members may now report incidents and claims through calls, emails, and an app, as well as access a suite of advanced tools to help secure and control online information.”
Other assets associated with the new carrier include a cybersecurity rating service for security performance, employee education, and a solution for preventing ransomware.
“The most effective thing La Quinta did in this situation was to let us know that the incident occurred,” said Mellor. “That allowed us to quickly mobilize resources to assist them.”
Mellor observed that the incident also reinforces the need for member agencies to require cyber liability insurance from vendors who are storing or have access to personal information for which the member is responsible, in accordance with the California Consumer Privacy Act (CCPA). While the CCPA applies to for-profit entities, public agencies should be aware of its provisions and be prepared to address the liability risks posed when contracting with a private entity collecting information from constituents.
La Quinta’s proactive, prompt response to the ransomware attack is indicative of a larger culture of risk management among staff members, said Mendez. “Our executive team places risk awareness, mitigation, and training as a top priority for the organization. Our collaborative, cross-departmental leads support risk management services and help ensure that the city’s systems and operations keep it a priority.”
October is National Cybersecurity Awareness Month. Please contact your senior risk manager for more information and resources.< Back to Full Issue Print Article