Highline Public Schools Forced to Close By Cyber-Attack

Written by

A group of schools in the US Pacific Northwest has been forced to close for at least two days, following a cyber-attack.

Highline Public Schools has more than 17,500 students in grades K-12. The district has 34 schools and 2,000 staff in Washington State.

On Sunday, the school district reported that it had suffered a cyber-attack and all schools would be closed on Monday. The closure includes canceling meetings and athletics. The closures also meant canceling the first day at kindergarten for this year’s intake.

The district later announced that schools would stay shut today, Tuesday.

“We have detected unauthorized activity on our technology systems and have taken immediate action to isolate critical systems. We are working closely with third-party, state and federal partners to safely restore and test our systems,” the district said in a statement.

It later added: “We understand canceling school is a significant disruption for our families and staff, but student safety remains our top priority.”

Staff at Highline have been told not to use district issued computers and laptops as a precaution, and Highline said it has disconnected its network from the internet. As a result, staff are unable to access key applications “required for the safe operation of schools.” Staff can continue to use Office 365 and district-provided cellphones for email.

A spokesperson for the school district, Tove Tupper, told the Seattle Times that investigators had not found any theft of staff or families’ personal data. However, the schools had lost access to key systems, including an application that manages school transport. “We can’t afford to be without access to that, especially the start of the year,” Tupper told the newspaper.

Read more about cyber-attacks against US schools: Data Breaches in US Schools Exposed 37.6M Records

Increasing Attacks Against Schools

Cyber-attacks against schools are increasingly common, and appear to rise at the start of the school year, with ransomware accounting for a significant number of attacks. Earlier this year, a school in Essex, UK, was forced to close after a ransomware attack locked staff out of school IT systems.

“It's about leverage,” Andrew Hollister, security expert and former CISO told Infosecurity. “Hitting the schools at the beginning of term is a way to pressure them into a quick payout to avoid impacting the school year – just like a cyber-attack in any other industry at a peak time.”

Don Smith, Vice President of Secureworks Counter Threat Unit, explained that there are several steps schools can take to protect themselves from similar attacks.
 
“With the limited resources many schools are working with, there are still ways to stay protected against cyber-attacks. The first step is to patch any networks that face the internet so that vulnerabilities are addressed on a regular basis,” Smith advised.

“Secondly, it’s crucial that schools add a layer of multi-factor authentication to make it harder for bad actors to break through. By implementing these two strategies, it’s likely that schools and other educational institutions will become less prone to attacks and have better cyber health overall.”

What’s hot on Infosecurity Magazine?