In light of a new state requirement that stipulates municipalities update their IT policies, Mayfield Village will outline what would happen if there was a ransomware attack on its city data.
Cleveland, Lorain County, Circleville, Columbus, Wood County, Athens, have all had ransomware attacks in the past four years where hackers broke into their systems, locked them out of the data, and then demanded payment from victims to get access again.
One stipulation, according to Law Director Diane Calta, is that because of the way the state requires the policy to be written, the details of it will not be publicly available or subject to Freedom of Information requests.
“The cyber security policy is exempt from public records because it’s meant to be a security policy,” Calta said to council during a Sept. 8 caucus meeting. “… So, we will probably communicate that policy to you, with the understanding that it’s confidential, and then ask for approval at a public meeting on that policy.”
Council member Allen Meyers asked if the amount a city pays will be confidential and only disclosed to council to vote on.
“Off the cuff, I would say that would be an appropriate way to handle it,” Calta said. “But on the other hand, I don’t know if we’ve ever done an appropriation in that fashion. Let me noodle on that one …”
Finance Director Angie Rich said that she knew that Parma Heights recently paid an attacker and that it led to complications.
“That’s why, I think, a lot of this has come about,” Rich said. “Some cities, I think Parma Heights, has paid. And I think, maybe, their council didn’t know all the details of that. And it’s an issue, also, with dealing with their cyber security insurance of how are they going to recover the money, and who is at fault, and who is going to make up the difference.”
Mayfield Village’s next council meeting is 7 p.m. Sept. 22.
© 2025 The News-Herald (Willoughby, Ohio). Visit www.news-herald.com. Distributed by Tribune Content Agency, LLC.
