Sunday, Feb. 11 Press Statement

Our office recently became aware that some data within our computer system was encrypted by malware. As a preventative measure, we temporarily disabled our computer network and are working to safely and securely bring systems back online. Our operations will be limited while the network is offline. However, our office remains committed to providing high quality representation to our clients. We will provide further details as soon as we can.

Monday, Feb. 12 Update

Our efforts to safely and securely bring our computer system back online continue. In the interim, we are leveraging operational continuity measures to provide services to our clients notwithstanding the challenges presented by temporarily disabling the computer network. Certain matters have been rescheduled and future rescheduling efforts will be conducted on a case-by-case basis. We appreciate the continued patience and understanding of the courts and the public as we work to resolve this matter.

Friday, Feb. 16 Update


OSPD continues to investigate and address a recent malware encryption matter. In response to this matter, OSPD disabled the computer network as a preventative measure. This has resulted in outages on OSPD systems.  


The incident response process to recover from and investigate this matter will involve a series of complex steps and workflows. It will also involve careful inspection to recover systems as quickly and safely as possible.  


At this time, while computer networks are disabled, OSPD has implemented workarounds where possible, and we continue to make progress on our recovery efforts. We have recovered certain administrative functions and are taking steps to ensure that we can provide high-quality representation to our clients. The incident response process may take some time to complete thoroughly and safely to ensure an accurate understanding of this matter. 


Threat Containment Process 


OSPD’s computer network environment represents hundreds of systems and spans 23 offices across the state. The containment process involves deploying specialized threat detection and monitoring tools across our systems, and then isolating those systems to communicate only to a Security Operations Center. The Security Operations Center monitors the systems to confirm they are secure, and, if needed, takes steps to secure the systems. Containment efforts for a computer network of this scale are a significant undertaking. We are addressing this matter as quickly and securely as possible. 


Digital Forensics Investigation 


The digital forensics investigation serves to inform the containment process, along with other vital information. The containment and forensic investigation steps can’t be overlooked, as failure to diligently complete each incident response workflow will result in deficiencies in other areas and potentially cause further delay. 

OSPD’s computer network remains partially disabled to complete the necessary incident response actions and to begin conducting a forensic investigation. 


The incident response workflows continue to proceed, but we are unable at this time to provide an estimated timeline for completing recovery. OSPD continues to work diligently to complete the above actions as quickly and safely as possible while continuing to serve our clients. 

Monday, Feb. 19 Update

The following update on OSPD operations was shared with the State Court Administrator today.

While we have made significant progress bringing certain systems back online, a number of business critical systems remain unavailable, including:



Currently, the OSPD has regained access to its email, phone system, publicly available court information and certain public case filings in ICCES/CCEF. Certain jurisdictions have made paper discovery available to the OSPD. These temporary workarounds are being used on a case-by-case basis in an effort to continue providing high quality service to our clients. Additionally, in some cases, public defenders have access to Westlaw.

Friday, Feb. 23 Update

OSPD has continued to make progress in our recovery efforts, and we are now able to bring all staff workstations online. This development will advance our ability to operate and allow us to continue providing high-quality service for our clients. Most of our employees now have access to email, some client files, and court files. More work is necessary to return to normal operations and we anticipate similar improvements in offices as our recovery efforts progress.

Our review of this matter remains ongoing, and we will continue to provide relevant recovery and operational updates.

Friday, March 1 Update

Our recovery efforts remain ongoing, but we can now confirm that all of our staff have access to email, all OSPD trial offices have been brought back online and are able to access court files. Client files continue to be restored. We are also able to access most web-based programs we use as part of our investigative and administrative work.

We are still experiencing disruptions with digital discovery tools, requiring us to use more time-intensive manual workarounds. This has created a backlog in downloading discovery and has created delays in managing our files. We are working to bring these tools back online in the near future.

We will continue to provide updates on other systems as they come back online. More work is necessary to return to normal operations, but we anticipate making continued progress in the coming days.

Monday, March 11 Update

While our investigation into this incident and the corresponding recovery and restoration efforts remain ongoing, we have made incremental but important progress in bringing systems back online in a secure manner. Although we are not back to 100% business as usual and have significant work left to do, certain important features are being restored over the coming days.


The teams continue to work diligently to restore full functionality and operability across all systems. We look forward to returning to full operations as quickly and as safely as we are able.

Friday, March 15 Update

On or about February 9, 2024, OSPD identified that certain computer systems were encrypted by malware. In response to this matter, OSPD took steps to contain the spread of the malware, safely and securely recover systems, and continues conducting a thorough assessment to determine what occurred. OSPD began providing online updates regarding this matter on February 11, 2024, and has continued to provide periodic updates on its website as response efforts progress. Through the ongoing assessment of this matter, it was identified that some files were copied without permission in early February 2024. Those files may include an individual's name, Social Security number, driver’s license or identification card number, other government identification number, medical information, and/or health insurance identification number.


Individuals may visit https://coloradodefenders.state.co.us/home to learn more about this matter.  In addition, as the assessment into the nature and scope of this event continue, OSPD has shared free resources on its website that individuals can utilize to protect their personal information. OSPD will share further updates to its website as appropriate.



Media Contact: