"Businesses and municipalities are particularly vulnerable, (as is) health care because of the need for system access and the amount of sensitive data," said Evan Allard, director of the Connecticut Intelligence Center with the state Department of Emergency Services and Public Protection.
The Connecticut Intelligence Center and the DESPP want to get the word out about the risk of ransomware attacks, in which a threat actor gets a foothold into a network by installing ransomware to encrypt data and make it unusable. The town or city can be forced to pay the ransom to decrypt the data and regain access.
Allard said the average fee demanded in these ransomware attacks is about $1.1 million.
No one has classified Meriden's attack as ransomware, though city officials in New Britain confirmed it to be the case with the breach in that community.
New Britain officials did not say if the city had to pay a ransom.
Meriden shut down its cyber network after discovering an "attempted interruption" on Feb. 13 forcing city workers to keep hand-written records in all departments except the public schools. The state stepped in quickly to help Meriden move its emergency dispatch operation to workstations at the Connecticut Police Academy in Meriden.
On March 3 , the city began slowly restoring some online services, including email access for some employees, but it was unclear when systems would be fully restored. After three weeks at the Police Academy, the dispatch center returned to its home at the police station on Wednesday, state and local police said.
New Britain suffered a significant ransomware attack at the end of January. The city, as of March 3, said it is still calculating the costs in that breach and evaluating security to its system to reduce future risk.
"The city continues to make steady progress in its recovery from (January's) ransomware incident," said New Britain Mayor Bobby Sanchez. "Working with outside cybersecurity experts and state and federal partners, we have restored the majority of core systems and implemented enhanced monitoring and security protocols."
As part of that process, the city is reviewing additional cybersecurity safeguards, operational redundancies, and training protocols to further protect municipal systems, Sanchez said.
The city of West Haven also experienced a system shutdown after an interruption on Christmas 2024. That interruption followed a ransomware attack in 2018 in which officials paid $2,000 in Bitcoin to unlock 23 servers, according to town officials at the time.
Since then, the city has invested in backup system software that enabled it to restore its servers within four days of the Christmas Day incident, officials said.
A WORLDWIDE ISSUE THAT'S ON THE RISE
According to Allard, some hackers are not only demanding a ransom for access, but add extra payments to prevent selling the data on the dark web.
A report released by the consumer website Comparitech showed there were 7,419 attacks reported worldwide in 2025, and every sector saw an increase. Of these attacks, 6,292 were on businesses, up 35% from 2024; 374 were on government entities, up 27% from 2024, and 444 were on healthcare companies, up 2% from 2024.
"Depending on scope, the cost of a data breach can run into the millions, once you factor in investigation, restoration, and operational disruption," said Greg Bugbee, chief information security officer for Novus Insight, LLC Inc., a private provider of managed information technology support, including cybersecurity for businesses and municipal clients. "Before you bring systems back online, you have to validate the environment is safe. Recovery is deliberate and methodical so you don't reintroduce risk."
Ransom payments aside, there are the added costs to investigate what happened, how it happened, resiliency and repair efforts.
Moving Meriden's emergency dispatch center to the state police quarters is an example of the kind of resiliency that keeps services going despite an interruption, Bugbee said.
Local governments also have many more departments than local businesses, which can make them more vulnerable.
"One solution would be to separate some systems," Bugbee said. Keeping critical systems isolated from less critical networks can help limit the blast radius of an attack and reduce the chance that one disruption becomes larger in scale, he said, and backing up data regularly is also critical.
Hospitals and healthcare systems are also highly vulnerable because of the amount of patient data they store.
In 2025, Yale New Haven Hospital officials estimated that 5.5 million patients were impacted in a March data breach of its network. The number of patients impacted exceeded the annual total of all visits to the health system, which consists of Bridgeport Hospital, Greenwich Hospital, Lawrence + Memorial Hospital, Yale New Haven Hospital, Westerly Hospital in Rhode Island and Northeast Medical Group, officials said at the time.
The FBI also investigated a ransomware attack in 2023 that disrupted hospital systems in multiple states run by Prospect Medical Holdings, including two in Connecticut. Eastern Connecticut Health Network (ECHN) and Waterbury Health, both owned by Prospect, reported closures at their facilities due to IT issues. The company also has hospitals and clinics in California, where it is headquartered, as well as Connecticut, Rhode Island and Pennsylvania, the Associated Press reported.
RECOVERY IS PAINSTAKINGLY METHODICAL AND COSTLY
Further complicating the battle against cyber hacking is the rise of artificial intelligence, which presents more challenges, said Novus Insight CEO Eric Boone.
"The social engineering aspect of cyber attacks is getting more precise," Boone said. "Using AI can help threat actors create and craft phishing and other messages aimed specifically at you," Boone said.
David Hatter is a consultant with InTrustIt, a 15-year-old cybersecurity company. He is also the third-term mayor of Fort Wright, Ky. and is leading efforts to improve government cyber systems in his state.
"It's basic cyber hygiene," Hatter said. Municipalities "are using equipment that is 10 to 15 years old. Many of these places are a cybersecurity dumpster fire. They don't understand the risk. As we add more technology, we're adding more risk without stopping to ask what could go wrong."
The ever-changing technology explains why employee training is critical to prevent employees from clicking on links that invite ransomware, he said.
Local governments should be "shoring up networks, and trainings. There are reasons for them," Allard said. "They actually work."
Allard recommends municipalities seek resources from the Cybersecurity and Infrastructure Security Agency for support and information.
"It's an ongoing process," said Chetan Jaiswal, associate chair of the computing department at Quinnipiac University. "Cybersecurity changes every day."
Safeguards against phishing attempts and incident responses are critical training areas that should be included in all workplaces, Jaiswal said.
In fact, some cyber insurance companies demand them.
"It is important to note that insurance policies will often come with their own set of base requirements like multi factor authentication, backups, and security software," Bugbee said. "Organizations should be aware of those requirements to avoid any type of claims dispute in the event of an incident."
Staff writer Paul Schott contributed to this story.
©2026 The Middletown Press, Distributed by Tribune Content Agency, LLC.
