Report: Cyberattack disrupts operations in several public agencies

By THE STAR STAFF

A ransomware attack detected last week has disrupted essential operations across multiple government agencies, according to a report from Indiario.

The information was confirmed by La Fortaleza, which emphasized the attack targeted a company that provides services to 14 government agencies.

“During the Thanksgiving period, TrueNorth, a company that provides services to 14 government agencies, experienced a cyberattack,” La Fortaleza said. “The attack was not on the government itself, but on a company contracted by the government, which consequently affected only the Department of Education, ASES [the Puerto Rico Health Insurance Fund] and the State Insurance Fund [CFSE by its initials in Spanish].”

The government said there is no cause for concern and that security measures implemented by Puerto Rico Innovation and Technology Service (PRITS) functioned as expected.

According to information obtained by Indiario, the Nov. 25 attack prompted an urgent response from local and federal cybersecurity teams. PRITS is leading the containment efforts in collaboration with the federal Cybersecurity and Infrastructure Security Agency and the FBI.

A senior cybersecurity source, who spoke on condition of anonymity, revealed that the attack commenced when credentials belonging to a vendor with administrative privileges were compromised -- a tactic increasingly observed in recent attacks against state governments in the U.S. and Latin America. This initial breach reportedly allowed the ransomware to spread through critical systems, Indiario stated.

Ransomware is among the most destructive tools in modern cybercrime. It infiltrates networks silently, encrypts files, and demands payment -- typically in cryptocurrency -- for their release. Beyond the technical damage, the real impact lies in disrupting the continuity of services, eroding public trust and destabilizing operations. In government systems, such attacks can halt payroll, healthcare services, educational platforms, and even public safety functions.

The CFSE seems to have suffered the most significant impact, with more than 150 Windows and Linux servers compromised, disrupting financial systems, injured worker service platforms, public portals and internal tools, Indiario reported. ASES reportedly lost access to some 30 servers, affecting databases and communications vital for managing Puerto Rico’s health insurance program. The Education Department also experienced outages on 11 servers, disrupting platforms used daily by teachers and students, including PowerSchool, Time & Attendance, TAL and other school management systems. Although some services remain operational, their availability is described as partial and intermittent.

Authorities are still assessing the full scope of the incident, including whether sensitive personal data protected under federal and local law was exposed. If confirmed, the government would be legally obligated to notify affected citizens and could face federal audits. The restoration process is expected to be lengthy due to the number of compromised servers and the complexity of the systems involved.

The website Ransomware.live, which monitors ransomware attacks, noted that 10 private and public entities have been victims of cyberattacks, including the University of Puerto Rico and the municipal administration of Barranquitas.