A ransomware attack targeted the Los Angeles Unified School District, resulting in the unauthorised release of approximately 2,000 current and former students’ health records on the dark web. The district made an official statement about the incident on Wednesday, informing the public about the unfortunate breach of student privacy.
The ransomware attack led to the release of hundreds, possibly even thousands, of confidential mental health records of former students. The records were published online, and it is a serious breach of privacy. An investigation by The 74 uncovered this disturbing incident.
The psychological evaluations of students have been leaked on the Dark Web by a ransomware group called Vice Society. The leak contains a shocking amount of personal information about students who needed special education, such as their medical history, academic performance, and disciplinary records.
According to Doug Levin, the K12 Security Information exchange’s national director:
It’s deeply disturbing that an organization that you’ve entrusted with such sensitive information is either significantly delaying — or even hiding — the fact that individuals had very sensitive information exposed.
In September 2022, the school district was attacked by ransomware, and The Wall Street Journal reported that thousands of files were stolen. Despite the attack, the district did not give in to any demands from the Vice Society and carried on with school as usual.
It’s quite possible that people are unaware that their personal data can be accessed online. According to a spokesperson for the Los Angeles Unified School District, they haven’t received any notice about it. A lot of records are also publicly available, but the district’s leaders are unaware of this. However, the district did inform the public last month that confidential information about its employees had been leaked.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning in January that alerted the public to the fact that cyber gangs are targeting school districts, which could have extremely negative effects on the children, their families, instructors, and administrators.
The threat has gotten worse because of the epidemic and the increased reliance of schools on technology. According to the government authorities, incidents have increased from 500 in 2018 to over 1,350 in 2021, which have a direct effect on schools and have been made public.
The local school authority is presently determining whether the material that has been made public falls under the criteria of “medical information” and if it necessitates notifying the victims by law. Although certain student health data are covered by HIPAA, assessments of their psychological health are not, which may result in a breach of the Family Educational Rights and Privacy Act.
Many parents are worried that the recent data breach could have a negative impact on funding for the school’s special education programs.
Ariel Harman-Holmes, a parent of three disabled children in the Los Angeles Unified School District, expressed her concerns about the situation. She fears that the school may have to allocate funds to cover legal expenses related to the breach, which could reduce the amount of money available for special education.
She further said to The 74:
I would rather have those funds go back into the schools and special education rather than spending a ton on litigation or settlements about privacy issues. Our middle son is a very private person, and this could be a psychological torment to him knowing that personal observations about him were out there.
In recent years, ransomware attacks have caused widespread disruptions globally, targeting various systems such as schools, healthcare providers, and utilities.
These attacks compromise the privacy of individuals and result in unexpected costs for victim companies and organisations. As a result, they continue to be a significant concern for many people, impacting daily lives.
Successful ransomware attacks are most-often preceded by phishing emails. Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial.