Checklist 438: Nevada Does a Great St. Paul Impression

Nevada Ransomware Attack Shuts Down Critical State Services

Nevada is grappling with a major ransomware attack that has crippled state systems and disrupted essential public services. The incident, first confirmed last week by Timothy Galluzi, Chief Information Officer and Executive Director of the Governor’s Technology Office, was initially described only as a “security incident.”

The attack, which mirrors the ransomware assault that struck St. Paul, Minnesota, a month earlier, has left key state systems offline. According to KLAS Las Vegas (via Yahoo! News), the impacts are “widespread,” affecting the Access Nevada portal, the Department of Human Services, the Nevada Health Authority, and the Department of Motor Vehicles (DMV).

• Access Nevada: Residents cannot apply online for benefits such as Medicaid, SNAP, or TANF. Paper applications remain available at Medicaid District Offices, where caseworkers are assisting in person.
• Child Care & Development Program: Staff are unable to access case files or certifications, though childcare services continue.
• Child Support Payments: Processing is delayed.
• Nevada Health Authority: Operating at limited capacity, impacting Medicaid, the state employees’ benefits program, and the Nevada Health Link insurance exchange. Patients can still keep and make appointments, while providers are assured of payment for covered services.
• Nevada DMV: Most services are unavailable. Offices statewide remain closed as of August 27, 2025, with only a handful of functions — such as online permit testing and certain titling processes — operational.

The DMV has pledged to waive late fees and penalties stemming from the outage. Any appointments missed during the shutdown will be honored as walk-ins for at least two weeks once offices reopen. The governor’s office has confirmed similar fee waivers across impacted agencies.

While St. Paul’s ransomware incident disrupted city systems like public internet and utility payments, the Nevada attack appears broader in scope, affecting benefits distribution, healthcare systems, and vehicle services across the entire state.

Nevada Confirms Ransomware Attack Amid Widespread State Service Outages

What first looked like a ransomware attack in Nevada has now been confirmed as such, with state officials acknowledging a “sophisticated ransomware-based cybersecurity attack” that continues to disrupt critical services.

Speculation had been mounting since early in the week, with TechRadar reporting Tuesday that the incident “bears the markings of a ransomware attack,” even though the Governor’s office had initially described it only as a “network security incident” on social media.

By Wednesday, Timothy Galluzi, Nevada’s Chief Information Officer and Executive Director of the Governor’s Technology Office, confirmed the worst: problems first spotted Sunday were indeed ransomware. He said the state immediately activated its incident response plan, which involved taking “deliberate and targeted actions” such as isolating and shutting down certain systems to contain the threat.

The attack resembles the ransomware strike that paralyzed St. Paul, Minnesota, last month, and may involve double extortion tactics. As The Register has noted, such attacks combine system encryption with data theft to pressure victims into paying ransoms. Galluzi admitted there is “evidence that indicated some data had been moved outside of the state’s network,” though the nature of the data has not yet been identified.

KLAS Las Vegas reports that Nevada residents are already feeling the impact, with key systems offline, delayed services, and citizens left in limbo. State officials have promised to waive late fees, honor missed appointments, and maintain coverage for medical needs. Residents are also being warned about scammers exploiting the crisis, with reminders that the state will never ask for passwords or bank details by phone or email.

As for recovery, the timeline remains uncertain. KLAS notes it is “unknown when the situation will be resolved.” In a sobering comparison, one month after St. Paul’s attack began, the city’s government website still carries a bright yellow banner warning of a “digital security incident.”