Public Information Act (PIA) malware scams could target county governments.
Recently, the Virginia Association of Counties (VACo) reported that malware scams have targeted counties through the Freedom of Information Act (FOIA). The FOIA guarantees the public the right to request access to federal agency records. Maryland’s Public Information Act (PIA) is similar to the federal Freedom of Information Act (FOIA) and gives the public the same rights.
In Virginia, counties are receiving FOIA requests as attachments that, once opened, contain malware. Despite cybersecurity concerns, county governments are federally required to respond to requests. Not only is this malware capable of shutting down entire systems, but it also expends resources and require counties to spend significant amounts of money to repair the damage. The disruption caused by these attacks can lead to delays in government operations.
From the article:
“[I am] aware of several attorneys in the state who have had issues with FOIA officers clicking on the attachments that unleash malware that gets into the system and takes a lot of time and money to clean up.” – Lancaster County Attorney James Cornwell
Recommended industry best practices to mitigate threats from VACo:
- Ensure IT departments schedule regular updates.
- Educate all staff to be cautious and skeptical of links in emails.
- Implement a multi-layered approach to cybersecurity, if feasible.
All local governments should be aware that no system is infallible and all are vulnerable to malicious cyber attacks. It is important to be vigilant of suspicious links or attachments that could contain treats or malware. If a PIA link or attachment is sent in an email, it is recommended to request that the sender resends the PIA request within the body of an email. Stay tuned to MACo for any updates on this issue.