(TLP:CLEAR) Ransomware Attack at Payment Platform Provider BridgePay Causes Disruptions at Water Utilities Nationwide

Summary: A third-party payment processing vendor, BridgePay Network Solutions, has experienced a ransomware attack leading to a systemwide outage of its services. The attack has impacted myriad municipalities in several states and has reportedly affected several water utilities whose operations reside with the municipality. Most of the reported incidents are in Texas, but there are also reports of incidents in Kansas, Michigan, Wisconsin, Florida, and likely many others. While BridgePay has indicated that no credit card information has been compromised, disruptions have been primarily centered on utility customers’ inability to pay their water bills. Originally reported on Friday last week, the incident and disruptions are ongoing.

Notably, one impacted jurisdiction in Wichita, Kansas, restored service Tuesday after its integrating vendor implemented a workaround to bypass BridgePay, even though BridgePay’s system remains offline.

Analyst Note: While this attack targeted a payment processing vendor, ransomware attacks on municipalities are a relatively regular occurrence and are included in WaterISAC’s Quarterly Incident Summary reports. These attacks often impact the utilities’ billing systems associated with the municipality, and in some instances, have prompted utilities to shift to manual operations out of an abundance of caution.

These types of incidents highlight the importance of reviewing third-party vendor dependencies, particularly payment processors, and ensuring appropriate contingency plans are in place should those vendors become unavailable or experience an outage. WaterISAC encourages members to confirm that business continuity and incident response plans account for disruptions to billing and customer payment systems, including pre-established procedures for manual payment processing, alternate payment methods, and customer communication strategies.

Utilities can further mitigate risks by validating that contracts and service level agreements (SLAs) with vendors include cybersecurity expectations, incident notification requirements, and clear restoration timelines. Additionally, proactive tabletop exercises that simulate vendor outages, coordination with municipal IT departments, and maintaining regular data backups of billing records can help reduce the impact of a disruption and preserve customer trust during similar incidents.

Original Source: https://status.bridgepaynetwork.com/incidents/mgg52286dn24

Additional Reading:

• BridgePay Confirms Ransomware Attack, No Card Data Compromised
• Cyber Attack Disrupts Local Government Payment Systems
• Updated: Online water payment outage resolved, city of Wichita says

Related WaterISAC PIRs: 6, 6.1, 9, 11, 12