TOPEKA, Kan. — The Kansas court system has begun bringing its computer system for managing cases back online, two months after a foreign cyberattack forced officials to shut it down, along with public access to documents and other systems, the judiciary announced Thursday.
Case management systems for district courts in 28 of the state's 105 counties are expected to be back online Monday, with others to follow by the end of the week. Online access to documents for the public will be restored afterward, although counties that go back online can provide access through terminals in their courthouses, the judiciary said.
The courts have also restored systems that allow people to apply for marriage licenses online and file electronic requests for orders to protect them from abuse, stalking and human trafficking.
The seven justices of the Kansas Supreme Court, who oversee the administration of the state's courts, said last month that the judiciary was the victim of a “sophisticated foreign cyberattack.” Criminals stole data and threatened to post it on a dark website “if their demands were not met”, the judges said.
However, judiciary officials have not made public the hackers' demands, whether any ransom was paid or how much the state spent on restoring the judiciary's systems. Asked about the ransom on Thursday, Judiciary spokesperson Lisa Taylor referred to last month's statement.
“Restoring our district court case management system is a long-awaited milestone in our recovery plan, but we still have much work to do,” Supreme Court Chief Justice Marla Luckert said in a statement Thursday.
The outages affected courts in 104 counties — all but the state's most populous, Johnson County in the Kansas City area. Johnson County has its own systems and won't join the state systems until next year.
The judiciary initially described the attack as a “security incident,” but cybersecurity experts said it had the hallmarks of a ransomware attack — including in the way court officials provided few details about what happened.
The prolonged outage has forced courts in the affected provinces to return to paper-based filing of documents. Judiciary officials acknowledged that it could take weeks for the courts to electronically record all cases since the Oct. 12 shutdown.
The electronic filing and case management systems for the state Court of Appeals and Supreme Court will come back online after the district courts are completed.
A risk assessment of the state's legal system issued in February 2022 is kept “permanently confidential” under state law, as is an assessment released in June 2020.
Last month, state Rep. Kyle Hoffman, the chairman of the Legislature's Information Technology Committee, told reporters after a meeting that the results of the 2020 audit were dire, but he provided no details. He said the 2022 audit showed much improvement, again without releasing details.
Two recent audits of other government agencies have revealed cybersecurity weaknesses. The most recent version, released in July, stated that “agency leaders do not know or do not sufficiently prioritize their IT security responsibilities.”