Cybersecurity Incident Prompts Emergency Alert System Transition in St. Mary’s County

The St. Mary’s County Government (SMCG) Department of Emergency Services (DES) has provided an update regarding the previously reported cybersecurity incident involving the CodeRED Emergency Notification System – a third-party platform used by local governments nationwide to issue emergency alerts.

What Happened

CodeRED has completed a forensic investigation, conducted by internal security teams and external cybersecurity experts, into the incident that led to the suspension of the legacy platform in November 2025. According to CodeRED, an organized cybercriminal group gained unauthorized access to the legacy OnSolve CodeRED environment beginning as early as October 31, 2025, and deployed ransomware on November 10, 2025. The attack resulted in the encryption of certain servers and significant damage to the legacy system. While a data transfer tool was identified during the investigation, forensic experts found no evidence confirming that data was exfiltrated from the system.

Limited Subscriber Information Affected

CodeRED reports that limited subscriber information affecting a small percentage of users was exposed across two data sets:

  • One data set contained usernames, phone numbers, and inactive, outdated passwords that were deactivated and changed in 2015 during a prior platform migration.
  • A second data set contained usernames with encrypted passwords that are unreadable and not identifiable. There is no evidence that encryption keys were accessed.

Importantly, CodeRED has confirmed that the exposed data did not include first or last names, addresses, or other sensitive personal information, and did not include any active passwords. While residents were initially encouraged to change passwords out of an abundance of caution, updated guidance confirms that no active passwords were compromised. Residents are still advised to remain vigilant and cautious of unsolicited communications requesting personal or financial information.

New Emergency Notification System

The legacy OnSolve CodeRED platform has now been permanently decommissioned.

On January 6, 2026, the Commissioners of St. Mary’s County approved a new emergency notification system, Regroup Mass Notification, following review and recommendations by the County’s Departments of Emergency Services and Information Technology. Additional information about the transition will be shared as implementation continues.

Wider County Implications

Emergency notification systems are a critical component of local public safety infrastructure. Counties rely on these platforms to deliver real-time alerts related to severe weather like Maryland has seen in the past few weeks, public safety incidents, among other emergencies. Due to the digital environments in which these systems operate, cybersecurity resilience has become central to emergency preparedness and a major topic of discussion at previous MACo conferences.

St. Mary’s response highlights the importance of ongoing vendor oversight, system modernization, and coordinated response efforts. While the cybersecurity event affected a third-party legacy platform, the county was proactive in their efforts to safeguard public communications and maintain service continuity.