Officials with the V.I. Economic Development Authority have yet to address a reported cyberattack on the semi-autonomous agency. EDA Board Chair Kevin Rodriguez told the Source that the authority will issue a statement Friday “when they have more information.”
Gov. Albert Bryan Jr. confirmed the hack in an interview with the Virgin Islands Consortium published Thursday but did not respond to questions from the Source. Reached by phone, Rodriguez said the information in that article — which reported that hackers locked down the authority’s systems and demanded hundreds of thousands of dollars in ransom — “is not totally accurate” before stating that a spokesperson for the authority would reach out shortly. The Source did not receive a response to multiple messages left with the authority’s marketing director, Celina Morris, on Wednesday and Thursday.
Joseph Philbert, a network systems administrator with the V.I. Bureau of Information Technology, said the territory’s semi-autonomous agencies are usually outside of the bureau’s purview.
“Unless they ask for our assistance or direct involvement in their network, we cannot inject ourselves,” he said. Whether that makes semi-autonomous agencies more or less prone to cyberattacks depends on each agency’s infrastructure. “Typically, when these sorts of things happen, it’s a case of either internal infrastructure vulnerability or end-user error, which are the most common, but not sole ways threats can gain access.”
Cyber- and ransomware attacks on infrastructure, financial and health care institutions have become increasingly common. Billing operations at the Juan F. Luis Hospital were upended by a cyberattack last April, which Chief Executive Darlene Baptiste said forced the hospital to rely on paper billing, leading to cash flow issues. That incident came one month after a cyberattack took the V.I. Lottery offline. The Lottery suffered a similar breach in early 2024, the same year Schneider Hospital was hit with a ransomware attack. Other local targets in recent years include the V.I. Port Authority in 2021 and the V.I. Water and Power Authority in 2019.
Philbert said BIT is ready and willing to assist when a breach does occur.
“What would improve the GVI’s cybersecurity posture and work toward a unified approach would be for all agencies to join under our security protocols [and] standards to mitigate these potential risks and incidents,” he said. “As the saying goes, ‘an ounce of prevention is better than a pound of cure.’”
