Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Ransomware.

Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with discontinuation of codered system, and remediation measures with evaluation of alternative alert providers, and recovery measures with door-to-door notifications, recovery measures with social media alerts, recovery measures with potential new system adoption within 1–2 weeks, and communication strategy with public disclosure, communication strategy with advisories to residents (credit bureau checks), communication strategy with media statements, and incident response plan activated with yes (forensic analysis conducted; platform decommissioned), and law enforcement notified with delayed (agencies learned of outage only when alerts failed; no proactive notification), and containment measures with decommissioning of legacy onsolve codered platform, containment measures with isolation of affected environment, and remediation measures with accelerated rollout of 'codered by crisis24' platform, and communication strategy with limited (criticized by agencies for lack of transparency), communication strategy with public statement via media (denver7), communication strategy with advisories to users about password reuse risks, and and third party assistance with external cybersecurity experts, and containment measures with decommissioning of onsolve codered platform, containment measures with isolation of the incident to the third-party vendor's system, and remediation measures with launch of new codered platform on a non-compromised, separate environment, remediation measures with comprehensive security audit, remediation measures with penetration testing and hardening by external experts, and recovery measures with transition to new codered platform by november 28, 2023, recovery measures with use of alternative communication channels (local media, county website, social media) in the interim, and communication strategy with public disclosure of the incident, communication strategy with faqs provided by codered by crisis24, communication strategy with advisories for users to change passwords, communication strategy with collaboration with craven county emergency services for transparency, and remediation measures with transition to a new codered platform (legacy platform discontinued), and communication strategy with limited; no public statement from crisis24/onsolve. local governments issued notifications to residents., and and third party assistance with external security experts (for penetration testing and hardening), and containment measures with decommissioning of compromised codered platform, containment measures with migration to new secure platform, and remediation measures with full security audit, remediation measures with penetration testing, remediation measures with system hardening, remediation measures with new platform built in uncompromised environment, and recovery measures with migration of all customers to new platform, and communication strategy with public notification by city of university park, communication strategy with advisory to change reused passwords, communication strategy with transparency about potential future data leaks, and and and containment measures with decommissioned legacy codered platform, containment measures with accelerated rollout of new codered by crisis24 platform, and remediation measures with password reset advisory for users, remediation measures with migration to new platform, and recovery measures with transferring all customers to new codered by crisis24 platform, and communication strategy with emails to customers, communication strategy with social media and web announcements by affected jurisdictions (e.g., douglas county sheriff, city of weston), communication strategy with public disclosure via bleeping computer, and and law enforcement notified with fbi, and containment measures with sunsetting legacy codered platform, containment measures with migration to new version, and remediation measures with rebuilding from outdated backups, and communication strategy with customer notification, communication strategy with password reset advisory, and communication strategy with public disclosure of breach; emphasis on no observed misuse of stolen data, and and containment measures with maintained ability to send critical notifications despite outage, and remediation measures with launch of new notification platform on 2025-11-28, and recovery measures with full service restoration planned for 2025-11-28, and communication strategy with public announcement via facebook post, communication strategy with advisory for users to change passwords, communication strategy with media coverage (wect news report), and incident response plan activated with yes (forensic analysis, security audit, third-party penetration testing), and third party assistance with yes (penetration testing, security audit), and law enforcement notified with yes, and containment measures with isolation of legacy codered environment; decommissioning of affected system, and remediation measures with accelerated rollout of new codered platform, remediation measures with migration of all customers to new system, remediation measures with security audit and penetration testing, and recovery measures with transition to new platform; customer notifications and advisories, and communication strategy with public statements, customer notifications, and advisories to affected users (e.g., password change recommendations), and network segmentation with yes (legacy system isolated from new platform), and incident response plan activated with yes (coordination between harrisburg and crisis24), and third party assistance with crisis24 (provider of codered system), and containment measures with prompt closure of the affected server, and remediation measures with migration to another crisis24 server, and recovery measures with restoration of alerting and public notification capabilities by late november 2024, and communication strategy with public disclosure via dakota news now, communication strategy with letter from crisis24 published on the city website with faqs and contact email, communication strategy with alternative communication channels (news stations) for snow emergencies..

Common Attack Types: The most common types of attacks the company has faced is Ransomware.

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii), , Pii (Personally Identifiable Information), Authentication Credentials, , Personal Identifiable Information (Pii), , Personally Identifiable Information (Pii), Authentication Credentials, , Personally Identifiable Information (Pii), , Personally Identifiable Information (Pii), Authentication Credentials, , Contact Information (Name, Address, Email, Phone), Passwords, User Profiles, , Personally Identifiable Information (Pii), Authentication Credentials, , Personally Identifiable Information (Pii), , Personally Identifiable Information (Pii) and .

Incident Response Plan: The company's incident response plan is described as Yes (forensic analysis conducted; platform decommissioned), , , , , , Yes (forensic analysis, security audit, third-party penetration testing), Yes (coordination between Harrisburg and Crisis24).

Third-Party Assistance: The company involves third-party assistance in incident response through External cybersecurity experts, , external security experts (for penetration testing and hardening), , Yes (penetration testing, security audit), Crisis24 (provider of CodeRED system).

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Evaluation of alternative alert providers, , Accelerated rollout of 'CodeRED by Crisis24' platform, , Launch of new CodeRED platform on a non-compromised, separate environment, Comprehensive security audit, Penetration testing and hardening by external experts, , Transition to a new CodeRED platform (legacy platform discontinued), full security audit, penetration testing, system hardening, new platform built in uncompromised environment, , Password reset advisory for users, Migration to new platform, , rebuilding from outdated backups, , Launch of new notification platform on 2025-11-28, , Accelerated rollout of new CodeRED platform, Migration of all customers to new system, Security audit and penetration testing, , Migration to another Crisis24 server, .

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by discontinuation of codered system, , decommissioning of legacy onsolve codered platform, isolation of affected environment, , decommissioning of onsolve codered platform, isolation of the incident to the third-party vendor's system, , decommissioning of compromised codered platform, migration to new secure platform, , decommissioned legacy codered platform, accelerated rollout of new codered by crisis24 platform, , sunsetting legacy codered platform, migration to new version, , maintained ability to send critical notifications despite outage, , isolation of legacy codered environment; decommissioning of affected system, prompt closure of the affected server and .

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Door-to-door notifications, Social media alerts, Potential new system adoption within 1–2 weeks, , Transition to new CodeRED platform by November 28, 2023, Use of alternative communication channels (local media, county website, social media) in the interim, , migration of all customers to new platform, , Transferring all customers to new CodeRED by Crisis24 platform, , Full service restoration planned for 2025-11-28, , Transition to new platform; customer notifications and advisories, Restoration of alerting and public notification capabilities by late November 2024, .

Key Lessons Learned: The key lessons learned from past incidents are Proactive communication with stakeholders during incidents is critical to maintain trust.,Legacy systems may pose higher risks and require accelerated replacement.,Password reuse by users amplifies breach impacts; education on password hygiene is essential.,Redundant alert systems are necessary for public safety continuity.Third-party and supply-chain vulnerabilities pose significant risks to public-sector agencies, particularly for vendors supporting critical government services like emergency alerting systems. Rapid migration to secure platforms and proactive communication are essential for mitigating reputational and operational damage.Legacy systems are high-risk targets for ransomware; importance of system isolation and accelerated migration to secure platforms; need for robust password policies to mitigate credential reuse risks.Increasing reliance on online services heightens exposure to cyber risks, even for critical systems like emergency notifications. Proactive coordination with service providers and backup communication plans are essential for resilience.

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: The Denver Post (or original news outlet)Date Accessed: 2023-11-27, and Source: Denver7 News, and Source: Douglas County Sheriff's Office (DCSO) Statements, and Source: Crisis24 Public Statement, and Source: Thornton Police Department Social Media, and Source: Arapahoe County Sheriff's Office, and Source: City of Aurora Social Media, and Source: Dr. Steve Beaty (Metropolitan State University of Denver), and Source: Craven County Official Statement, and Source: CodeRED by Crisis24 FAQs, and Source: SecurityWeek, and Source: Inc Ransom leak siteDate Accessed: 2023-11-22, and Source: Local government notifications (multiple U.S. states), and Source: SecurityAffairsUrl: https://securityaffairs.co/wordpress/149820/cyber-crime/onsolve-codered-cyberattack.htmlDate Accessed: 2025-11-26, and Source: City of University Park, Texas - Emergency NotificationDate Accessed: 2025-11-26, and Source: Bleeping ComputerUrl: https://www.bleepingcomputer.comDate Accessed: 2023-11-14, and Source: Crisis24 (OnSolve Parent Company) Email DisclosureDate Accessed: 2023-11-15, and Source: Douglas County Sheriff (Colorado) Social Media AnnouncementDate Accessed: 2023-11-15, and Source: City of Weston (Florida) Web AnnouncementDate Accessed: 2023-11-15, and Source: TechRadar, and Source: BleepingComputer, and Source: BleepingComputer, and Source: WECT NewsUrl: https://www.wect.com/2025/11/xx/surf-city-warns-of-cyberattack-affecting-codered-system/, and Source: Town of Surf City Facebook Post, and Source: Crisis24 Public Statement, and Source: Douglas County Sheriff’s Office Advisory, and Source: INC Ransomware Data Leak Site, and Source: Dakota News NowUrl: https://www.dakotanewsnow.com/2024/11/2x/ (hypothetical; actual URL not provided in text)Date Accessed: 2025 (article copyright date), and Source: City of Harrisburg Website (Letter from Crisis24), and Source: BleepingComputerDate Accessed: 2025-11-26.

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Disclosure, Advisories To Residents (Credit Bureau Checks), Media Statements, Limited (Criticized By Agencies For Lack Of Transparency), Public Statement Via Media (Denver7), Advisories To Users About Password Reuse Risks, Public Disclosure Of The Incident, Faqs Provided By Codered By Crisis24, Advisories For Users To Change Passwords, Collaboration With Craven County Emergency Services For Transparency, Limited; no public statement from Crisis24/OnSolve. Local governments issued notifications to residents., Public Notification By City Of University Park, Advisory To Change Reused Passwords, Transparency About Potential Future Data Leaks, Emails To Customers, Social Media And Web Announcements By Affected Jurisdictions (E.G., Douglas County Sheriff, City Of Weston), Public Disclosure Via Bleeping Computer, Customer Notification, Password Reset Advisory, Public disclosure of breach; emphasis on no observed misuse of stolen data, Public Announcement Via Facebook Post, Advisory For Users To Change Passwords, Media Coverage (Wect News Report), Public statements, customer notifications, and advisories to affected users (e.g., password change recommendations), Public Disclosure Via Dakota News Now, Letter From Crisis24 Published On The City Website With Faqs And Contact Email and Alternative Communication Channels (News Stations) For Snow Emergencies.

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Residents advised to contact credit bureaus; counties evaluating alternative providers, Manual alerts (door-to-door, social media) until new system is adopted; residents may need to re-register for new alerts, Users Advised To Change Passwords If Reused Elsewhere., Agencies Advised To Transition To Alternative Platforms (E.G., Rave, Ipaws)., Monitor Financial Accounts For Suspicious Activity., Avoid Password Reuse; Use Password Managers., Sign Up For Alternative Alert Systems (E.G., Fema Ipaws For Large-Scale Events)., , Craven County Emergency Services Collaboration With Codered By Crisis24 For New Platform, Public Advisories To Change Passwords And Use Unique Credentials, Change Passwords Immediately If Reused Across Other Accounts, Monitor For Suspicious Activity Related To Exposed Data, Use Alternative Communication Channels (Local Media, County Website, Social Media) For Emergency Alerts During Transition, , Notifications issued by local governments to residents about disrupted emergency alerts, City of University Park notified residents; OnSolve working with customers on migration to new platform, Users advised to change passwords reused elsewhere; no financial data impacted, Customers advised to change passwords, especially if reused for other accounts; migration to new platform underway., Immediate password reset recommended; monitoring for identity theft advised., Password Reset Advisory For Users, Termination Of Service By Douglas County Entities Due To Privacy Concerns, , Users notified of data breach (names, addresses, phone numbers, emails, passwords compromised), Public Advisory To Change Passwords, Notification Of New Platform Launch On 2025-11-28, Password Change Recommendation, Assurance That Critical Notifications Were Not Interrupted, , Customers notified; agencies advised to warn users about PII exposure and password reuse risks, Users advised to change passwords for accounts where CodeRED credentials were reused, City coordinated with Crisis24 and prepared alternative communication methods for residents., Public Statement By Mayor Derick Wenck Reassuring Residents Of Limited Risk., Letter From Crisis24 With Faqs And Contact Email For Questions. and .

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as External Cybersecurity Experts, , External Security Experts (For Penetration Testing And Hardening), , , Crisis24 (provider of CodeRED system).

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Discontinuation Of Vulnerable System, Evaluation Of Secure Alternatives, , Decommissioning Of Legacy System., Accelerated Rollout Of New Platform ('Codered By Crisis24')., Public Advisories On Password Security., , Decommissioning Of Compromised Onsolve Codered Platform, Launch Of New Codered Platform With Enhanced Security Measures, Comprehensive Security Audit And Penetration Testing By External Experts, Public Education On Password Hygiene And Cybersecurity Best Practices, , Discontinuation Of Legacy Platform, Transition To New Codered Platform, , Decommissioning Of Compromised Platform, Migration To New, Secured Environment, Security Audit And Penetration Testing, System Hardening, , Decommissioning Of Legacy Platform, Migration To New Codered By Crisis24 Platform, Enhanced Password Policies And User Advisories, , Platform Migration, Customer Data Protection Review, , Deployment Of A New Notification Platform, , Decommissioning Of Legacy Platform; Migration To New, Secure Platform; Security Audit And Penetration Testing, , Migration To A Secure Crisis24 Server, Server Closure To Prevent Further Access, .

Ransom Payment History: The company has Paid ransoms in the past.

Last Ransom Demanded: The amount of the last ransom demanded was $100,000.

Last Attacking Group: The attacking group in the last incident were an Organized cybercriminal group, Organized cybercriminal group, Inc Ransom, INC Ransom group, INC Ransom gang, INC Ransom, INC ransomware-as-a-service gang, INC Ransomware (organized cybercriminal group) and INC ransomware-as-a-service (RaaS) gang.

Most Recent Incident Detected: The most recent incident detected was on 2023-11-21.

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-26.

Most Recent Incident Resolved: The most recent incident resolved was on 2025-11-28.

Most Significant Data Compromised: The most significant data compromised in an incident were Names, Addresses, Email addresses, Phone numbers, Passwords (hashed/plaintext unclear), , Names, Addresses, Email addresses, Phone numbers, Passwords, , names, email addresses, physical addresses, phone numbers, user profile passwords (legacy platform), , , Names, Addresses, Emails, Phone numbers, Passwords, , user contact information (name, address, email, phone numbers), passwords, sensitive organizational data, , names, addresses, phone numbers, email addresses, passwords, , Names, Addresses, Email addresses, Phone numbers, Passwords, , Names, Addresses, Email addresses, Phone numbers and .

Most Significant System Affected: The most significant system affected in an incident was CodeRED emergency alert system and CodeRED emergency alert platform (legacy OnSolve environment) and OnSolve CodeRED platform and OnSolve CodeRED emergency alert system (legacy platform) and OnSolve CodeRED alert platform (previous version) and Legacy CodeRED alerting platform and legacy CodeRED platform and OnSolve CodeRED platform and CodeRED emergency notification system and OnSolve CodeRED legacy platform and OnSolve CodeRED emergency notification system (single server) and OnSolve CodeRED emergency notification platform.

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was external cybersecurity experts, , external security experts (for penetration testing and hardening), , , Crisis24 (provider of CodeRED system).

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Discontinuation of CodeRED system, Decommissioning of legacy OnSolve CodeRED platformIsolation of affected environment, Decommissioning of OnSolve CodeRED platformIsolation of the incident to the third-party vendor's system, decommissioning of compromised CodeRED platformmigration to new secure platform, Decommissioned legacy CodeRED platformAccelerated rollout of new CodeRED by Crisis24 platform, sunsetting legacy CodeRED platformmigration to new version, Maintained ability to send critical notifications despite outage, Isolation of legacy CodeRED environment; decommissioning of affected system and Prompt closure of the affected server.

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Email addresses, Addresses, addresses, Phone numbers, email addresses, physical addresses, user profile passwords (legacy platform), Passwords (hashed/plaintext unclear), sensitive organizational data, Emails, phone numbers, Passwords, user contact information (name, address, email, phone numbers), passwords, names and Names.

Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $100,000.

Highest Ransom Paid: The highest ransom paid in a ransomware incident was No.

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Redundant alert systems are necessary for public safety continuity., Third-party and supply-chain vulnerabilities pose significant risks to public-sector agencies, particularly for vendors supporting critical government services like emergency alerting systems. Rapid migration to secure platforms and proactive communication are essential for mitigating reputational and operational damage., Legacy systems are high-risk targets for ransomware; importance of system isolation and accelerated migration to secure platforms; need for robust password policies to mitigate credential reuse risks., Increasing reliance on online services heightens exposure to cyber risks, even for critical systems like emergency notifications. Proactive coordination with service providers and backup communication plans are essential for resilience.

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Encourage users to avoid password reuse across platforms, Implement multi-factor authentication (MFA) for user accounts, Enhance server security for emergency notification systems., Users advised to change passwords that are the same or similar to their CodeRED platform password, Conduct regular security audits of emergency notification platforms., Regular password updates and multi-factor authentication (implied), Transition to more secure emergency alert systems, Develop redundant communication channels for critical alerts., avoid password reuse across accounts, Conduct regular cybersecurity audits for third-party vendors., Ensure clear segmentation between legacy and new systems, Use unique, long, and random passwords for each account, Enhance third-party vendor security assessments for public-sector suppliers., Conduct regular security audits and penetration testing for critical systems, Implement real-time monitoring and alerting for system outages., Avoid paying ransoms to threat actors, Implement multi-factor authentication (MFA) for all user accounts to mitigate credential reuse risks., Ensure vendors implement robust security measures (e.g., penetration testing, hardening), Proactive credit monitoring for affected residents, Multi-channel alert redundancy, regular backup testing, Monitor for potential identity theft or credential stuffing attacks, modernize legacy systems, Follow cybersecurity best practices for personal and organizational security, Avoid password reuse across multiple platforms, Monitor for potential identity theft or fraud, Develop robust incident response plans for cloud-based critical infrastructure., Provide timely and transparent communication to affected users and stakeholders, Change passwords reused across multiple accounts, Establish clear protocols for notifying affected parties during breaches., Promote multi-factor authentication (MFA) and password managers to users., Develop backup communication channels for emergencies (e.g., IPAWS, RAVE)., Implement multi-layered authentication and access controls. and Conduct regular forensic analyses to detect and contain breaches early..

Most Recent Source: The most recent source of information about an incident are Douglas County Sheriff's Office (DCSO) Statements, Arapahoe County Sheriff's Office, Denver7 News, Crisis24 Public Statement, INC Ransomware Data Leak Site, SecurityAffairs, Douglas County Sheriff’s Office Advisory, Dakota News Now, Douglas County Sheriff (Colorado) Social Media Announcement, City of University Park, Texas - Emergency Notification, SecurityWeek, CodeRED by Crisis24 FAQs, Craven County Official Statement, WECT News, Local government notifications (multiple U.S. states), Town of Surf City Facebook Post, Bleeping Computer, City of Harrisburg Website (Letter from Crisis24), TechRadar, Dr. Steve Beaty (Metropolitan State University of Denver), Thornton Police Department Social Media, The Denver Post (or original news outlet), Inc Ransom leak site, City of Weston (Florida) Web Announcement, City of Aurora Social Media, BleepingComputer and Crisis24 (OnSolve Parent Company) Email Disclosure.

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://securityaffairs.co/wordpress/149820/cyber-crime/onsolve-codered-cyberattack.html, https://www.bleepingcomputer.com, https://www.wect.com/2025/11/xx/surf-city-warns-of-cyberattack-affecting-codered-system/, https://www.dakotanewsnow.com/2024/11/2x/ (hypothetical; actual URL not provided in text) .

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (no details on root cause or threat actor).

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Residents advised to contact credit bureaus; counties evaluating alternative providers, Users advised to change passwords if reused elsewhere., Agencies advised to transition to alternative platforms (e.g., RAVE, IPAWS)., Craven County Emergency Services collaboration with CodeRED by Crisis24 for new platform, Public advisories to change passwords and use unique credentials, Notifications issued by local governments to residents about disrupted emergency alerts, City of University Park notified residents; OnSolve working with customers on migration to new platform, Customers advised to change passwords, especially if reused for other accounts; migration to new platform underway., password reset advisory for users, Public advisory to change passwords, Notification of new platform launch on 2025-11-28, Customers notified; agencies advised to warn users about PII exposure and password reuse risks, City coordinated with Crisis24 and prepared alternative communication methods for residents., .

Most Recent Customer Advisory: The most recent customer advisory issued were an Manual alerts (door-to-door, social media) until new system is adopted; residents may need to re-register for new alerts, Monitor financial accounts for suspicious activity.Avoid password reuse; use password managers.Sign up for alternative alert systems (e.g., FEMA IPAWS for large-scale events)., Change passwords immediately if reused across other accountsMonitor for suspicious activity related to exposed dataUse alternative communication channels (local media, county website, social media) for emergency alerts during transition, Users advised to change passwords reused elsewhere; no financial data impacted, Immediate password reset recommended; monitoring for identity theft advised., termination of service by Douglas County entities due to privacy concerns, Users notified of data breach (names, addresses, phone numbers, emails, passwords compromised), Password change recommendationAssurance that critical notifications were not interrupted, Users advised to change passwords for accounts where CodeRED credentials were reused and Public statement by Mayor Derick Wenck reassuring residents of limited risk.Letter from Crisis24 with FAQs and contact email for questions.

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was November 1–10, 2023 (access gained on Nov 1, ransomware deployed on Nov 10).

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Inadequate incident response communication protocols.Vulnerabilities in legacy OnSolve CodeRED platform.Delayed detection/response to the attack., Targeted attack by organized cybercriminal group (INC Ransom)Vulnerabilities in legacy CodeRED platformPotential supply-chain or third-party risks, legacy system vulnerabilitiesoutdated backups, Targeted ransomware attack by organized cybercriminal group (INC); vulnerabilities in legacy system.

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Discontinuation of vulnerable systemEvaluation of secure alternatives, Decommissioning of legacy system.Accelerated rollout of new platform ('CodeRED by Crisis24').Public advisories on password security., Decommissioning of compromised OnSolve CodeRED platformLaunch of new CodeRED platform with enhanced security measuresComprehensive security audit and penetration testing by external expertsPublic education on password hygiene and cybersecurity best practices, Discontinuation of legacy platformTransition to new CodeRED platform, Decommissioning of compromised platformMigration to new, secured environmentSecurity audit and penetration testingSystem hardening, Decommissioning of legacy platformMigration to new CodeRED by Crisis24 platformEnhanced password policies and user advisories, platform migrationcustomer data protection review, Deployment of a new notification platform, Decommissioning of legacy platform; migration to new, secure platform; security audit and penetration testing, Migration to a secure Crisis24 serverServer closure to prevent further access.