The county has used the Crisis24's OnSolve CodeRED platform since 2017 to host its ALERT Spokane program, said Chandra Fox, deputy director of Spokane County Emergency Management.
Fox said attorneys representing Crisis24 told her that Spokane County users were not affected by the data breach. But the cyberattack left the Spokane area without a local option for agencies to alert the public in the case of an emergency.
Typically, Fox said her department was able to log into the system, write an alert, set the parameters for what area to notify and send the alert in real time.
"After the attack, nobody could get into the system at all," Fox said. "And I want to say it was about a week before we heard from OnSolve that it was a cyberattack."
The cyberattack all but destroyed the CodeRED system, Fox said, leading Crisis24 to decommission its subsidiary's legacy platform entirely.
Agencies and governments across the country experienced similar issues in accessing the system, including in multiple California, Colorado and Florida counties, according to reports. Washington's densely populated King County, and Ada County, home to Boise, also use the CodeRED system for emergency notifications.
"There's a lot of different communities across the country that use it, and nobody could get into it," Fox said.
Fox said Spokane County has relied on the Washington State Alert and Warning Center and the Federal Integrated Public Alert and Warning System to provide emergency messaging to county residents since the attack. Rather than sending the alerts themselves, the emergency management staffers have had to first call the state to send the alerts on the county or responding agencies' behalf.
News of the attack reached Spokane County only after Fox briefed Spokane County commissioners on the quest to find a new provider Tuesday. She said public notification of the attack was not provided earlier because the county was still able to send emergency notifications to residents.
"Nothing was impacted in terms of sending messaging to the public, because we did have a back-up in place," Fox said.
Crisis24 has since launched a newer iteration of the CodeRED platform the company says is more secure, and has been working in haste to have government and law enforcement partners transfer over from the old system.
Spokane County, however, will not continue to do business with the company, Fox said.
"The unsatisfactory manner in which the company responded to the issue is really what drove us to make the decision to change providers," Fox said.
CodeRED allows governments and agencies to provide time-sensitive information to residents en masse via call, text message, email and social media. The alerts usually are tied to public safety or community wellbeing, such as wildfire evacuation notices, boil water orders and missing person searches.
Elsewhere in the country, hackers did access a small number of subscribers' "usernames, phone numbers and inactive, outdated passwords that were deactivated and changed in 2015 during a platform migration," according to a Dec. 22 update from the company provided to and published online by the city of Mt. Lebanon, Pennsylvania. The hackers also gained access to usernames associated with encrypted passwords, although the passwords are not readable or identifiable.
Crisis24 did not respond to an inquiry from The Spokesman-Review prior to publication.
The attack has been linked to INC Ransomware, the group behind other recent high-profile data breaches like Scotland's National Health Service, Xerox Business Solutions' U.S. offices and Yamaha Motors Philippines. The group appeared to take credit by posting online screenshots of stolen customer data, "including email addresses and associated clear-text passwords," according to a public update published by the town of Goshen, Massachusetts.
The group also posted the alleged ransom negotiation, according to the town's statement. Crisis24 initially offered $100,000 to the hackers, which was raised to $150,000. Both offers were rejected.
While frustrating, Fox said the attack and collapse of the CodeRED system provides a much-needed opportunity to improve the countywide emergency notification program. The industry has evolved greatly in the years since the county first contracted with OnSolve and parent company Crisis24, and there are other options with more advanced functions that would better suit the county's needs, like mapping functions that would integrate well with recent upgraded equipment at the Spokane Regional Emergency Communications Center.
Fox said she hopes to bring a new contract with a new provider in front of the Spokane County Commission for approval by the end of February.
"That's what's really important to us, what we strive for, to provide the best alerting capability for the county and its residents," Fox said.
© 2026 The Spokesman-Review (Spokane, Wash.). Visit www.spokesman.com. Distributed by Tribune Content Agency, LLC.
