Yesterday morning, the North Carolina Administrative Office of the Court (NCAOC) was made aware of a security incident regarding Tyler Technologies, the vendor for the Judicial Branch’s eCourts initiative to provide an integrated case management system. Tyler’s communication to NCAOC stated that there was “a security incident involving unauthorized access to our internal phone and information technology systems by an unknown third party. We are treating this matter with the highest priority and working with independent IT experts to conduct a thorough investigation and response … At this time and based on the evidence available to us to-date, all indications are that the impact of this incident is limited to our internal network and phone systems. We currently have no reason to believe that any client data, client servers, or hosted systems were affected.”
NCAOC immediately began work to implement security protocols, which included blocking all connections and communication systems with Tyler. NCAOC will reconnect only when written assurance is provided from Tyler that there has been no impact to North Carolina Judicial Branch systems and that it is safe for NCAOC to reconnect systems with Tyler.
Update, October 22, 2020
Tyler Technologies, Inc. (Tyler), the eCourts Integrated Case Management System (ICMS) vendor, notified the North Carolina Administrative Office of the Courts (NCAOC) on September 23, 2020 that Tyler had experienced a cybersecurity incident on its internal phone and information technology systems.
Although Tyler stated, “We currently have no reason to believe that any client data, client servers, or hosted systems were affected[,]” the NCAOC immediately implemented its Cybersecurity Incident Response Plan, blocking all connections and communication systems with Tyler to ensure NCAOC systems were protected. The NCAOC informed Tyler that it would reconnect only after Tyler provided written assurance that there was no impact to North Carolina Judicial Branch information systems or data and that it was safe for the NCAOC to reconnect.
Over the last several weeks, NCAOC has been in regular contact with Tyler regarding the investigation and remediation of the cybersecurity incident. Tyler has since assured the NCAOC in writing that North Carolina Judicial Branch information systems and data were not compromised. The NCAOC has utilized a phased approach for re-establishing connectivity with Tyler and has fully reconnected to Tyler as of October 22, 2020.
For additional information about the Tyler cybersecurity incident, please view Tyler’s website.