March 29, 2022

Neguse Questions the FBI on Colorado Cyber Attacks

View Congressman Neguse’s remarks here

Washington D.C.— Today, Congressman Joe Neguse as a member of the House Judiciary Committee questioned the FBI about recent Colorado cyber attacks. The full committee heard from the FBI’s Assistant Director of the Cyber Division, Bryan A. Vorndran. Neguse led the line of inquiry to Assistant Director Vorndran pushing for clarification on how the FBI plans to assess the risks of breaches in cyber security for local governments, healthcare agencies, and universities and their recommendations for prevention.

Colorado institutions including Children’s Hospital Colorado, University of Colorado, Colorado Department of Transportation, Fort Collins Loveland Water District and Aurora Water, and the Boulder County payroll system have recently been targeted by high-profile cyber-attacks. Attacks like these cost taxpayers millions of dollars and threaten America's data privacy. State and local governments are more easily targeted than heavily guarded federal systems. Financial constraints, limited resources and outdated equipment can all hinder local governments’ efforts to safeguard the personal data they collect.

“I find it deeply concerning that our personal data and much of our protected information is being targeted by the cyber attacks in question today. Far too many of Colorado’s students, patients, and state officials have experienced these attacks firsthand,” said Congressman Joe Neguse. “ We must coordinate comprehensive cyber security training and a national response system to prevent hackers from exploiting our private records. Vulnerable citizens and easily targeted local and state governments need the full support of the Federal government.”

In response to a number of local attacks over the past few years, Congressman Neguse introduced the State and Local Government Cybersecurity Act of 2021. The bill seeks to foster cybersecurity coordination between the Department of Homeland Security and state and local actors, encouraging the National Cybersecurity and Communications Integration Center to share vital security tools and protocols with state, local, tribal, and territorial governments.


Colorado institutions are no stranger to cyber security attacks, just last year the University of Colorado was affected by an attack on Accellion by a ransomware gang known as CL0P, exposing identifiable information for 30,000 students and faculty members. Similarly, the Boulder County payroll system was impacted when the Ultimate Kronos Group, a human resources management company, was hit with a ransomware attack. The Colorado Department of Transportation was hit in 2018, as well as the Fort Collins Loveland Water District and Aurora Water. In 2017, Children’s Hospital Colorado was attacked and nearly 3,000 patient families' personal records were compromised, the same institution was also hit in 2020 when an unauthorized party accessed a private email account.