Suffolk County has appointed a new chief technology officer, officials confirmed, while the top cybersecurity officer hired during the Bellone administration was released.
Suffolk County announced Friday that John McCaffrey, Westchester County's former chief information officer, will assume the role of the county's top CIO, replacing former Information Technology Director Scott Masteron.
McCaffrey, who starts next week, most recently served as chief information officer for H2M Architects + Engineers, where he worked for four years. Previously, he served as Chief Information Officer for LiRo Group and Westchester County. He also served as Director of Information Technology for Orange County, Director of Information Technology for the Village of Skokie, Illinois, and Deputy Treasurer and Technical Support Manager for the Town of North Hempstead.
The appointment comes at the same time Suffolk released Kenneth Branchik, who was hired as the county's first chief information security officer in May. Branchik said the county's computer network suffered a cyberattack on Sept. 8, 2022, which crippled county services for several months and caused then-Suffolk County Executive Steve Bellone to suspend operations until December 2023. He was appointed after the state of emergency was declared for the second time in a row.
Over the weekend, Suffolk was hit with a countywide phishing email attempt in which attackers attempted to take over users' passwords and login information to gain access to the county's vast network, officials said. The attack ended in failure.
Suffolk County spokesman Michael Martino declined to discuss Branchik's resignation, citing human resources policies, but acknowledged the phishing attempt and confirmed that two I.T. deputy chiefs had dealt with the matter.
County Executive Ed Romaine thanked them in a statement and said Suffolk “continues to evaluate its IT systems and take a closer look at the damage caused by the cyber attack.”
Romaine said McCaffrey's “experience and expertise will play a critical role in protecting the county's infrastructure.”
Branchik, who earns $184,214 a year, was appointed in May after an investigation by former county consultant Michael Balboni, Bellone said in a 2023 interview with Newsday. Branchik's job was to develop recovery plans for potential future cyberattacks, Newsday reported. Branchik previously served as director of cybersecurity at Mount Sinai Health System. He did not return messages seeking comment Friday.
Branchik was appointed on the same day that the Special Legislative Committee on Cyberattacks found the county did not have a cyber-breach-specific emergency response plan.
In the years before and in the months after the Sept. 8 attack, the county employed an IT security “coordinator” who left the organization and worked as an outside contractor. A 2019 county report recommended the county hire a chief information security officer to centralize the county's cybersecurity policies and operations. Bellone said it should have been adopted earlier than May 2023.
The 2022 cyberattack cost the county $5.4 million in investigation and remediation efforts, and just recently county officials indicated more than $27 million was spent replacing systems, software and security. County Auditor John Kennedy announced earlier this month that he had identified $13.8 million in unnecessary or duplicate purchases, and Romaine said he had hired an outside firm to review the purchases.