Cyber attacks

Closing is scheduled for White Lake Township, Michigan's second try at a GO bond sale after the first was interrupted by the cybertheft of bond proceeds.

While the White Lake, Michigan, township hack is the best-known and publicly disclosed cyberattack, there have been others. Some issuers and firms are reluctant to share these experiences publicly.

The public finance industry is addressing cyber threats, which became clearer with last year's hack of White Lake Township's bond closing.

The San Diego County-based hospital system's financial woes were dire enough to earn junk ratings from Fitch Ratings, Moody's Ratings and S&P Global Ratings earlier this year. Fitch further downgraded the already junk ratings on Wednesday.

It's hard enough convincing local governments to spend money on cyber insurance that covers ransomware attacks, said Omid Rahmani, public finance cybersecurity lead at Fitch Ratings. The new and very specific threat of a hacked financing process, is "absolutely" underappreciated by the public finance industry.

"This matter is now under active investigation by federal authorities and impacted financial institutions, who are coordinating with the White Lake Township Police Department," said Daniel Keller, chief of police, in a statement.

The threat of cybercrime against municipalities continues to mutate into more sophisticated and life-threatening schemes, say economists and rating agencies.

New York State Comptroller Thomas DiNapoli urged state agencies to do more to protect water systems from cyberattacks as Moody's Investors Service said cyber risks pose challenges to municipalities across the United States.

Through proposed SEC regulations, federal grants and cybersecurity insurance, areas of the public finance industry are adjusting to costly and omnipresent cyber threats. 

The increasing number and frequency of cyber attacks against municipalities is a cause for credit concern, S&P Global Ratings says.