Within the newest growth across the cyberattack impacting Johnson Controls Worldwide (JIC), officers on the Division of Homeland Safety (DHS) at the moment are reportedly involved that the assault could have affected delicate bodily safety data.

Johnson Controls serves as a authorities contractor, offering constructing automation companies to services, akin to HVAC, fireplace, and safety tools. Because of the nature of these companies, officers at DHS are elevating issues about compromised data akin to DHS ground plans. In keeping with media reviews, officers detailed in an inside memo that Johnson Controls holds “labeled/delicate contracts for DHS that depict the bodily safety of many DHS services.”

It’s nonetheless unclear as to what data was accessed within the breach, which is believed to be a ransomware assault, however the memo acknowledged that “till additional discover, we should always assume that [the contractor] shops DHS ground plans and safety data tied to contracts on their servers.”

Considerations are extra heightened on account of a possible authorities shutdown, which may start this coming Sunday, making the incident not solely a safety problem, however a time delicate one. Greater than 80% of the Cybersecurity and Infrastructure Safety Company (CISA) workforce shall be furloughed ought to this shutdown go into impact, and cyberattacks throughout the nation’s software program provide chain would put vital infrastructure in danger.

“There’s completely a pattern rising in ransomware assaults with cybercriminals going deeper into their victims’ programs to deal a extra crippling blow,” famous John Gunn, CEO at Token, in an emailed assertion, underscoring the tough ranges cybercriminals are keen to go to of their assaults, together with these towards authorities companies.

This incident highlights the govt order President Biden issued in 2021 for federal companies to bolster their cybersecurity safeguards, and brings into query the safety of third-party suppliers and contractors.