Huber Heights cyber attack: city functions restored, $350,000 spent, personal data issue in limbo

City Manager Dzik says checking whether 65,000 compromised files have any personal data will be “most time-intensive part of the process”
Huber Heights City Manager Rick Dzik updated residents Nov. 17 on the status of the city's response to a cyber ransomware attack that was caught days earlier. AIMEE HANCOCK/STAFF

Huber Heights City Manager Rick Dzik updated residents Nov. 17 on the status of the city's response to a cyber ransomware attack that was caught days earlier. AIMEE HANCOCK/STAFF

The city of Huber Heights remains under a state of emergency as officials work to finalize recovery operations nearly two months after a cyberattack took down multiple government systems and functions.

According to City Manager Rick Dzik, all city services are functional, though “additional infrastructure work” is still underway.

City council voted Nov. 13, one day after the ransomware attack was discovered, to enter a state of emergency. Dzik said then that the declaration gave him the authority to use up to $350,000 in city funds in response to the cyber attack. He noted the city does have cybersecurity insurance that will cover a portion of the costs.

Dzik said Thursday this $350,000 in approved funds has been spent, with payments having been made to several entities to complete various steps of the recovery process.

“Payments were made to Secure Cyber Defense, who was the vendor that provided on-site response and recovery to the city throughout the attack; Coveware for threat actor negotiations; Sylint for forensic investigation; Best Buy and Micro Center for temporary devices; CMI/Civica to move our finance software to the Cloud; and Motorola to move our bodycam records to the cloud,” Dzik said in an email.

It is still unknown if any resident data has been affected by the attack, Dzik said, and the city is now working with a data mining company to collect files from the forensic investigators involved in the response.

“They are going to review approximately 65,000 compromised files to determine if any contain personal data,” he said. “This is expected to be the most time-intensive part of the process.”

Dzik said last month it is unknown the specific type of data that could have been stolen during the ransomware attack, but that it could vary from low- to high-risk material.

“I don’t want to speculate on what may have been released before we know for sure,” he said. “Generally, any data on city servers/computers is at risk, from innocuous letters, memos, and day-to-day work product, to personal information.”

Internally, Dzik said city staff is working to alleviate minor issues, like ensuring licensed software is up and running, and trouble-shooting any features to which employees have lost access.

“The biggest issue ... is getting a final determination on what kind of data was compromised,” he said.

About the Author