On Friday, February 24, the Los Angeles Unified School District (LAUSD) confirmed a ransomware attack and data leak on September 5, 2022, which compromised personal and confidential information of approximately 2,000 students, including 60 currently enrolled. The attack also resulted in the leakage of positive COVID-19 test results.
According to Jack Kelanic, senior administrator of IT infrastructure at LAUSD, the records of the incident go back almost three decades, which requires a time-consuming analysis. He stated that the investigation is likely criminal in nature and the district has swiftly implemented a response protocol to mitigate any Districtwide disruptions.
LAUSD has also established an independent IT task force to develop a set of recommendations and monthly status updates. They later announced that the illegally obtained data had been released online by a criminal organization and they have notified some individuals and vendors of the incident.
Kelanic said that Los Angeles Unified takes student, family, and employee privacy very seriously and has been implementing enhanced protections and procedures to ensure data security. The investigation is still ongoing.
How School Districts can Prevent Ransomware Attacks
Chris Close, a cybersecurity expert with Cyber Sleuth Security’s Garnet Valley office, recently sat down to discuss the best ways for school districts to prevent ransomware attacks.
"The first step in preventing ransomware attacks is to ensure that your school district has the proper security protocols in place," said Close. "This includes having a firewall, an anti-virus program, and regular security patches. Additionally, it's important to have a comprehensive backup strategy in place to ensure that data can be recovered in the event of a ransomware attack."
When asked about user training, Close said it was crucial for school districts to educate their staff on proper cybersecurity practices. "It's important to train staff on how to handle email attachments, how to recognize potential phishing scams, and how to use strong passwords. Additionally, it's important to remind staff to never download any software from unknown sources."
Close also emphasized the importance of regular testing. "Having regular vulnerability scans and penetration tests can help to identify any potential security issues that could lead to a ransomware attack. Additionally, it's important to ensure that your staff is regularly updated on any security policies or procedures that have been implemented."
Finally, Close stressed the importance of communication. "Having a clear and consistent communication plan in place is essential. This way, if an attack does occur, everyone will know exactly what to do."