CIO Frank Johnson weathered a catastrophic ransomware attack in May, but faced much criticism for how the IT department handled the incident. He took leave in September, and the city now confirms that he’s moved on.
Frank Johnson, Baltimore's IT director during this year's ransomware attack, has left the leadership position, according to city sources.
Johnson, who was one of the city's highest-paid employees, weathered extreme criticisms for his handling of the attacks — with City Councilors alleging a lack of communication and leadership in the immediate aftermath of the incident.
His last day with the city was Oct. 1, said James Bentley, communications officer for Mayor Bernard Young.
Currently, day-to-day operations at the Baltimore City Information Technology department (BCIT) are being looked after by Johnson's former deputy Todd A. Carter, who is serving as interim director. Carter took over in September, after Johnson went on unpaid leave.
The city will soon begin a search for his permanent replacement, according to Bentley.
The May attack debilitated numerous service delivery and bill pay systems and locked city employees out of their computers for weeks. A recent audit also showed that poor data storage practices — including BCIT staff routinely failing to store data on an external cloud system — led to data losses during the attack.
Johnson, who previously worked prominently for Intel, and also served a stint as a security engineer with the federal government, was criticized for having never drafted a continuity of operations plan to deal with an IT attack of the kind the city suffered.
The attack is estimated to have cost Baltimore $18 million in revenue losses and recovery efforts.