It is important that Commonwealth of Massachusetts departments immediately report any cyber incidents or other suspicious activity to departmental IT staff, even if the activity or email seems innocuous. Malware and ransomware often go undetected at first, so it is always safe to have your IT and security staff double check.
Since employees of the Commonwealth of Massachusetts are often using enterprise systems, it is also critical to notify the Executive Office of Technology and Security Services (EOTSS) and the Office of the Comptroller (CTR) to ensure enterprise systems are protected. Ransomware and other viruses can quickly spread and disrupt operations and compromise data.
In the event of a breach of personally identifiable information, Commonwealth of Massachusetts departments are legally required to notify certain agencies and affected residents.