As Coronavirus Spreads, an Illinois Public Health Agency’s Website is Sidelined by Hackers

The ransomware outage could take weeks to fix.

Frank Rumpenhorst/DPA via ZUMA Press

The coronavirus is a rapidly developing news story, so some of the content in this article might be out of date. Check out our most recent coverage of the coronavirus crisis, and subscribe to the Mother Jones Daily newsletter.

The website for a public health department serving about 210,000 people in central Illinois, including students at the state’s flagship public university, has been hit with ransomware that could leave it shuttered for up to two weeks. While the perpetrator of the cyber attack has not been identified, the closure comes as Illinois has 20-some confirmed coronavirus cases, and raises the prospect that other government agencies instrumental to responding to the epidemic could face similar challenges.

Julie Pryde, the chief administrator for the Champaign-Urbana Public Health District, said Wednesday that the agency’s website went down Tuesday morning and that, within a few hours, her staffers and an outside contractor had determined it to be the result of a ransomware attack. Officials at the Illinois State Police and the local FBI office cannot yet confirm whether they are involved in any investigation.

“It’s inconvenient,” Pryde said, before citing a “robust continuity of operation plan” that the agency was using to keep people informed despite their site’s closure, including its more popular Facebook page and sharing information via local media outlets and other county government agencies.

Ransomware is software that an attacker loads on to a victim computer to lock files or block access, usually in concert with a demand for payment. Pryde did not offer any details on the ransomware itself, how the agency fell victim to it, or whether the agency had considered paying the ransom. It’s not clear what information the agency lost access to or what data the attacker could access, but Pryde suggested that electronic medical records, email, and environmental health data were still functional. Pryde says the agency and its systems are distinct, leaving other local government offices unaffected.

While the Champaign-Urbana Public Health District may be the first such agency in the US to be hit with ransomware during the coronavirus epidemic, it is only the latest in a long string of such attacks. Since 2013 there have been at least 350 instances of ransomware targeting state or municipal political entities, according to data compiled by StateScoop, a cybersecurity trade publication marketed to government workers. Illinois has seen 14 incidents in that time, according to the data.

Allan Liska, an intelligence analyst with cybersecurity firm Recorded Future who published the research underlying StateScoop‘s report, says that state and local governments, along with healthcare-related entities, are among the most frequent targets of ransomware. Both kinds of victims want to get their services back up as quickly as possible “even if being quick means having to pay the ransom,” he says, explaining that private healthcare providers are more likely to pay than governments because “nobody wants to admit they used taxpayer dollars to, essentially, pay blackmail.”

Information security efforts are also typically underfunded at state and local government agencies, he says, and preventative measures to prevent hypothetical ransomware attacks are usually a low priority.

While Liska says ransomware can be relatively simple to deploy—launched, say, via an email link or suspect email attachment—some recent attacks have been harder to defend against. He points to one 2019 case where an attacker managed to infiltrate a third party internet technology provider and simultaneously attack 22 Texas cities. The attacker wanted $2.5 million to unlock the cities’ computers, according to NPR. “That’s a fairly sophisticated attack,” Liska says.

In November, a Wisconsin-based cloud data hosting provider fell victim to a ransomware attack, cutting 110 nursing homes and acute-care centers in 45 states off from important patient data. The head of the company that ran those facilities told cybersecurity journalist Brian Krebs the attack put her patients in grave danger.

“Another attack like that could cause significant disruption, especially while everybody’s so worried about the coronavirus,” Liska says. “If senior care gets disrupted while we’re in the middle of a pandemic, it could cause loss of life.”

John Bambenek, an Champaign local who runs a cybersecurity consulting firm and who happened to be attending a public meeting of the county commissioners Tuesday night, says County Executive Darlene Kloeppel announced that the health department’s website had been “hacked.” Beyond saying it would be down for a week or so, Bambenek says she shared very little additional detail. “I found that extremely suspect,” he says. “It’s not really a great time” for an outage, he added, noting that in “the absence of trustworthy information you can get hype.”

Bambenek says that although no cases of coronavirus have been officially reported in the area so far, rumors of cases are circulating locally via social media. He notes that the advice to check Facebook for information might work for some, but not for people lacking accounts on the platform.

Pryde says that most people are aware they shouldn’t pay attention to such reports, and that the community knows that her agency should be its main source for authoritative information. “If there is a case, the information will come from public health,” she says. “It will not come from your hairdresser or somebody on Twitter.”

This is all the more reason why, she says, the ransomware incident didn’t come at a great time. “Unfortunately during these kinds of pandemics or crises, all kinds of things are going to happen,” she says. “Life goes on, and anything above and beyond dealing with the pandemic itself makes it all the more difficult.”

WE'LL BE BLUNT

It is astonishingly hard keeping a newsroom afloat these days, and we need to raise $253,000 in online donations quickly, by October 7.

The short of it: Last year, we had to cut $1 million from our budget so we could have any chance of breaking even by the time our fiscal year ended in June. And despite a huge rally from so many of you leading up to the deadline, we still came up a bit short on the whole. We can’t let that happen again. We have no wiggle room to begin with, and now we have a hole to dig out of.

Readers also told us to just give it to you straight when we need to ask for your support, and seeing how matter-of-factly explaining our inner workings, our challenges and finances, can bring more of you in has been a real silver lining. So our online membership lead, Brian, lays it all out for you in his personal, insider account (that literally puts his skin in the game!) of how urgent things are right now.

The upshot: Being able to rally $253,000 in donations over these next few weeks is vitally important simply because it is the number that keeps us right on track, helping make sure we don't end up with a bigger gap than can be filled again, helping us avoid any significant (and knowable) cash-flow crunches for now. We used to be more nonchalant about coming up short this time of year, thinking we can make it by the time June rolls around. Not anymore.

Because the in-depth journalism on underreported beats and unique perspectives on the daily news you turn to Mother Jones for is only possible because readers fund us. Corporations and powerful people with deep pockets will never sustain the type of journalism we exist to do. The only investors who won’t let independent, investigative journalism down are the people who actually care about its future—you.

And we need readers to show up for us big time—again.

Getting just 10 percent of the people who care enough about our work to be reading this blurb to part with a few bucks would be utterly transformative for us, and that's very much what we need to keep charging hard in this financially uncertain, high-stakes year.

If you can right now, please support the journalism you get from Mother Jones with a donation at whatever amount works for you. And please do it now, before you move on to whatever you're about to do next and think maybe you'll get to it later, because every gift matters and we really need to see a strong response if we're going to raise the $253,000 we need in less than three weeks.

payment methods

WE'LL BE BLUNT

It is astonishingly hard keeping a newsroom afloat these days, and we need to raise $253,000 in online donations quickly, by October 7.

The short of it: Last year, we had to cut $1 million from our budget so we could have any chance of breaking even by the time our fiscal year ended in June. And despite a huge rally from so many of you leading up to the deadline, we still came up a bit short on the whole. We can’t let that happen again. We have no wiggle room to begin with, and now we have a hole to dig out of.

Readers also told us to just give it to you straight when we need to ask for your support, and seeing how matter-of-factly explaining our inner workings, our challenges and finances, can bring more of you in has been a real silver lining. So our online membership lead, Brian, lays it all out for you in his personal, insider account (that literally puts his skin in the game!) of how urgent things are right now.

The upshot: Being able to rally $253,000 in donations over these next few weeks is vitally important simply because it is the number that keeps us right on track, helping make sure we don't end up with a bigger gap than can be filled again, helping us avoid any significant (and knowable) cash-flow crunches for now. We used to be more nonchalant about coming up short this time of year, thinking we can make it by the time June rolls around. Not anymore.

Because the in-depth journalism on underreported beats and unique perspectives on the daily news you turn to Mother Jones for is only possible because readers fund us. Corporations and powerful people with deep pockets will never sustain the type of journalism we exist to do. The only investors who won’t let independent, investigative journalism down are the people who actually care about its future—you.

And we need readers to show up for us big time—again.

Getting just 10 percent of the people who care enough about our work to be reading this blurb to part with a few bucks would be utterly transformative for us, and that's very much what we need to keep charging hard in this financially uncertain, high-stakes year.

If you can right now, please support the journalism you get from Mother Jones with a donation at whatever amount works for you. And please do it now, before you move on to whatever you're about to do next and think maybe you'll get to it later, because every gift matters and we really need to see a strong response if we're going to raise the $253,000 we need in less than three weeks.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate