Just over one year ago, suspicious activity was detected within the City of St. Helens computer systems. A cyberattack was underway.
On Jan. 14, 2020, City of St. Helens officials posted an advisory on the City’s website that all of the City department phones, computers and emails were offline. The disruption affected all city departments, including city hall, public works, public library and the recreation center.
The City’s online statement said Emergency 911 and the non-emergency dispatch, 503-397-1521, were still working.
City spokesperson Crystal King said the city became aware of suspicious activity within its computer network and that some data and programs were unavailable.
“We promptly commenced an investigation and took the rest of our network offline in response,” King said. “We also engaged cybersecurity experts to assist with our investigation of the suspicious activity and to help restore access to programs and data within our network.”
By Jan. 23, most city computer services had been restored and King said it did not appear that personal and sensitive data was compromised.
“The goal is to block as many attacks as possible and have a plan in place to mitigate as much risks as you can and be prepared,” King told The Chronicle following the incident in January.
Since the attack last January, King said the city has not experienced any further cyberattacks or suspicious activity.
King said the January 2020 cyberattack was first noticed by city employees.
“The IT incident was triggered by an email which contained a corrupted attachment,” she said.
Following the forensic review by the city’s IT team, King said it was discovered that no customer information or software systems that manage customer data were accessed.
“The incident was found as soon as it started and our IT team was able to stop the incident before any data was actually taken,” King said. “The community experienced a brief disruption in access to electronic city services as those systems were taken offline until an outside investigation firm confirmed that all software was clean. This included a brief shutdown of the city’s email server, phone system, and software which runs programs such as permitting and utility billing.”
King added that following the attack, the city conducted a broad investigation and took specific action to prevent further incidents.
“All impacted computers were replaced, and the city purchased new software that was used to help clean and better protect the IT infrastructure after the incident,” King said. “The city also reviewed its IT policies for employees and implemented new guidelines along with a new IT service provider. As is the case with most IT incidents, it was not determined where the attack originated.”
King said the city has also adopted an in-depth IT policy, which is reviewed, and that ongoing staff training will be conducted to stay current on best practices.
“The city hired a new IT service provider and purchased new software to enhance IT security,” she said. “The city is still going through an IT upgrade process that should be completed by April at all city facilities.”