CU health district website hacked

A screenshot of the Champaign-Urbana Public Health District's website as it appeared in September. On Wednesday, March 11, 2020, it was announced that the site was being held hostage by a ransomware attack and those looking for updates on the ongoing coronavirus pandemic should go to the district's Facebook page.

Listen to this article

CHAMPAIGN — In the midst of a coronavirus pandemic, the Champaign-Urbana Public Health District’s website has been hacked.

“The timing is horrible,” Administrator Julie Pryde said Wednesday.

The health district will be working with local governments to help push out vital information about the virus that causes COVID-19 on alternate websites and is urging the public to stay up to date on daily developments on the health district’s Facebook page, she said.

The district’s website was attacked by a new ransomware called NetWalker, Pryde said.

Ransomware is a malicious software that locks people out of their own computers. Victims generally receive a ransom demand for the encryption key to regain access to their data, according to Mat Deem, a customer service representative at Simplified Computers of Champaign. NetWalker hides in an essential Windows function to evade anti-virus detection, he said.

Health district employees became aware of the ransomware attack Tuesday when they lost access to files, Pryde said.

The district immediately notified the FBI and the Department of Homeland Security and is working with a consulting firm to investigate what happened and restore the website, Pryde said. She hopes to have it back up and running within a week.

What remains safe and available are the health district’s email accounts, environmental health records and patient electronic medical records, all of which were moved to cloud storage six months ago, according to Pryde.

The district also has secure Wi-Fi, and staff members are currently using their laptops to work, she said.

While files are unavailable for now, Pryde said much of the information the health district needs is available through shared emails and other sources.

“The public needs to know it’s being taken care of, and we’re still functioning,” she said.

In addition to working with Kroll, a global risk-consulting service, Pryde said the University of Illinois has also offered assistance.

John Bambenek, a local cybersecurity expert, said the health district falls into a “must operate” category.

“There are few companies that must always operate,” he said. “Public health districts in the midst of a pandemic is one of them.”

Bambenek cautioned against relying on Facebook to circulate public health information. Anyone could steal the health district’s logo and set up a fake page to circulate misinformation, he said.

Pryde said the health district’s Facebook page gets substantially more traffic than its website, and in fact has picked up 1,500 new “likes” in the last 28 days.

She also said older adults don’t tend to look for information on the website, instead typically calling or emailing.

Several staff members are monitoring the health district’s dedicated email for COVID-19 inquiries — coronavirus@c-uphd.org — and responding quickly, Pryde said. The district also has set up a coronavirus hotline at 217-239-7877.