Highline Public Schools recently revealed that a ransomware attack was responsible for the closure of all its schools for three days in early September 2024. The incident prompted a thorough investigation and significant efforts to restore the district’s network.
Highline Public Schools, which employs over 2,000 people, educates over 17,500 students across thirty-four schools in Burien, Des Moines, Normandy Park, SeaTac, and White Centre in Washington State. The district offers a wide range of programs, from early childhood education to college preparation.
The district discovered unauthorised activity on its network on September 7, following a security breach. As a result, all schools were temporarily closed, and school activities were cancelled.
Highline Public Schools is currently collaborating with the FBI to investigate the the breach. While it is unknown if cybercriminals got personal information, the district is providing staff members a year of free credit monitoring as a precaution, according to district spokesman Tove Tupper.
The school district disclosed the following week:
In response, a third-party cybersecurity forensic specialist was engaged, and an investigation was launched, which confirmed that the unauthorized activity was a form of ransomware. We notified the FBI of this activity, and we are working to support their investigation. Due to the nature of the investigation, we cannot comment on any potential law enforcement investigation at this time.
The district claimed that although the attack exposed Highline’s digital network, it had no effect on the physical safety of students, employees, or school property. All student safety protocols remain fully intact.
Highline’s Educational Disruption Because of Ransomware
The ransomware attack caused significant disruption, with the district making an unusual return to analogue methods in the digital age. Teachers lost access to their digital curriculum, while students were unable to use their digital textbooks.
In recent weeks, teachers have reverted to using projectors and handwritten lesson plans. Landline telephones have become the primary means of communication within the district, with attendance now manually recorded and delivered to the Highline School District headquarters each day. Students have also returned to using paper for notes and homework.
The district is still working to restore its network systems and expects to begin reimaging all student and staff devices on October 14. Users will need to reset their passwords to access just Apple and Chromebook devices, which will not require re-imaging.
Cyberattacks are becoming more common as schools rely increasingly on the internet. Doug Levin, the head of the K-12 Security Information eXchange, a group that helps schools defend against cyber threats, estimates that one school district gets hacked on average every day.
The ransomware group responsible for the attack last month is still unknown. It’s also unclear if any staff or student personal data was compromised.
A similar incident occurred in January 2023 when a ransomware attack forced the Des Moines school system in Iowa to close for a few days. In around six months, the district disclosed that the attackers had gotten the personal information of 6,700 people. It took the district roughly a month to determine the extent of the incident.
Successful ransomware attacks are most often preceded by phishing emails. Ensure your colleagues maintain a security-first mindset and strengthen your human firewall by starting Phishing Tackle’s security awareness training today with our two-week free trial.