
Two Weeks Offline: Incident-Response Lessons from the Kansas Court Cyberattack

A 'security incident' kept most Kansas courts offline for two weeks. The disruption is a case study in why resilience — not just prevention — wins.

Brandon Hancock, J.D., CMMC-RP · Published October 25, 2023 · Updated June 8, 2026 · 5 min read

For nearly two weeks in October 2023, most of Kansas's courts were knocked offline by what officials called a "security incident" — one that experts said had all the hallmarks of a ransomware attack. Attorneys couldn't search online records and were filing motions on paper. The episode is less about courts than about a lesson every contractor needs: prevention fails sometimes; resilience is what keeps you running.

What Happened

Beginning around October 12, 2023, the Kansas judicial system suffered an outage that took down online records and electronic filing across most of the state's courts. Officials were cautious with the "security incident" label and slow to confirm details — itself a reminder that, in the early days of an incident, you often won't know exactly what you're dealing with. The practical impact was immediate: a return to paper, growing backlogs, and work that would have to be sorted and re-scanned later.

Why a Contractor Should Care

You may never run a court system, but you can absolutely be the vendor, IT provider, or subcontractor whose systems sit in the blast radius — or who is expected to keep delivering when a customer's environment goes dark. Two realities stand out:

1. Downtime is the damage. The Kansas harm wasn't only data exposure; it was operational paralysis. For a contractor, an outage that stops deliverables can trigger missed milestones, cure notices, and contract risk independent of any breach-notification question.
2. Manual fallback is a real plan. Kansas kept limping along on paper. Do you have a documented way to keep performing if your primary systems are encrypted?

The Resilience Playbook

Ransomware defense is mostly unglamorous blocking and tackling:

  • Offline, tested backups. Backups that ransomware can also encrypt aren't backups. Keep copies offline/immutable and test restoration on a schedule.
  • Network segmentation. Limit how far an intrusion can spread; flat networks turn a foothold into a shutdown.
  • A written incident-response plan with named roles, decision points, and the all-important 72-hour clock for DFARS 252.204-7012 reporting if Covered Defense Information is involved — plus any state breach deadlines.
  • Continuity-of-operations procedures, including manual workarounds for critical deliverables.
  • Practice. Tabletop the scenario before it's real; the first time should not be the real time.

What to Do Now

  • Confirm your backups are offline and recently test-restored.
  • Write (or dust off) your incident-response and continuity plans and assign owners.
  • Know your reporting clocks — federal contract clauses and state breach laws run independently.

Key Takeaways

  • A ransomware-style incident kept Kansas courts offline ~2 weeks — the damage was operational, not just data.
  • For contractors, downtime itself is a contract risk; plan for manual fallback.
  • Resilience basics — offline backups, segmentation, tested IR and continuity plans — are what limit the blast.

Build the muscle with our Build a Compliance Program guide and grab incident-response templates from Templates & Downloads.


Brandon Hancock

J.D. · CMMC Registered Practitioner (RP)

Brandon is the editor of GovConCyber. He translates federal cybersecurity rules into plain language for the contractor community, with a focus on CMMC, DFARS, and False Claims Act enforcement trends.
