Commissioners told the court that all of Bernalillo County, which covers the US state of New Mexico’s largest city Albuquerque, had been affected by a January 5, 2022, ransomware attack, including the Metropolitan Detention Center (MDC) that houses some of the state’s incarcerated.
Over the phone, a spokesperson for the facility told The Register on Wednesday that services are still being repaired.
The attack took automatic security doors offline on January 5th, requiring officials to open doors manually with keys until that particular function could be revived.
Officials said in their filing that County-operated databases, servers, and internet service had been compromised. At MDC, this has meant limited access to email and no access to County wireless internet. This is particularly problematic, the officials say, because the MDC’s structure and location interferes with cellular service.
“One of the most concerning impacts of the cyber attack is that MDC is unable to access facility cameras,” they explained. “As of the evening of January 5th, there was no access to cameras within the facility.”
MDC instituted a temporary lockdown in response to the situation. Court-related video conferences are also not happening.
Several County databases at MDC are also believed to have been corrupted by the attack.
“The Incident Tracking System (ITS), the database in which MDC creates and houses all incident reports, including inmate fights, use of force, allegations of violations of the Prison Rape Elimination Act, is not currently available as it is suspected to be corrupted by the attack,” the filing states.
“Further, the Offender Management System (OMS) which MDC uses to store and access information about inmates including inmate account data is likewise unavailable at the present.”
The plaintiffs in the case have taken the opportunity to submit the statement [PDF] of a registered nurse who announced that she was quitting her job at MDC because of concerns about conditions there. The nurse, Taileigh Sanchez, describes dire staff shortages at MDC and problems with a new electronic medical records system, issues that have been made worse by the ransomware attack.
The attack denied access to current medical records, she said, which may have prevented some inmates from getting their medications.
Sanchez said she told supervisors about her concerns – which date back before the ransomware hit – but faced retaliation. “Even though I like my job, and have even been here 11 years, I will be resigning my full-time position effective immediately due to the safety concerns I have for our clientele and our staff,” she said in her declaration.