Last month, the education sector experienced a wave of ransomware attacks, causing disruptions and delays as schools and universities kicked off their new school year. According to TechTarget Editorial’s ransomware database, which tracks publicly confirmed attacks in the US, there were 28 attacks in total, with eight targeting the education sector. While some schools were able to resolve the attacks before classes resumed, others struggled to overcome network issues, resulting in prolonged disruptions.
These attacks, which targeted both K-12 schools and universities, followed a trend of increased targeting of the education sector by ransomware gangs. A previous report by TechTarget revealed that attacks on schools tend to rise as classes resume in August and September, despite the fact that most schools do not give in to ransom demands.
One such incident occurred in the Chambersburg Area School District in Pennsylvania, where computer systems were down, forcing the district to close four days after the official first day of school. The district, which serves over 9,000 students, enlisted the help of third-party forensic specialists to investigate the disruption. Although students were able to return to school on August 31 with a two-hour delayed start, they still lacked internet access.
In the aftermath of the incident, frustrated parents expressed their dissatisfaction with the lack of transparency from the school district. It wasn’t until school administrators released a statement confirming a ransomware attack that the true cause of the disruption was known. The extent of the breach and whether any sensitive data was stolen remains unknown.
The University of Michigan also experienced an internet disruption due to a “technology issue” just before classes resumed. Although the campus remained open and classes resumed, the financial aid funds were delayed, and the campus internet remained inaccessible. It was revealed that certain systems, including the M-Pathways student administration system, eResearch, and the Donor and Alumni Relationship tool, were also affected. The university restored internet and Wi-Fi access two days later but did not confirm whether a ransomware attack had occurred.
Meanwhile, Prince George’s County Public Schools (PGCPS) in Maryland fell victim to a cyber attack in mid-August, which the Rhysida ransomware group claimed responsibility for. The attack compromised the accounts of 4,500 users and affected more than 100,000 students attending the public school system. PGCPS initiated a districtwide password reset and warned of the potential unauthorized disclosure of personal information.
Additionally, Bunker Hill Community College in Massachusetts confirmed it suffered a ransomware attack at the end of the spring semester, potentially compromising students’ personal information, such as names, dates of birth, addresses, Social Security numbers, and education records.
Not only did the education sector face these targeted attacks, but healthcare organizations also became victims of ransomware. Prospect Medical Holdings, a California-based medical group that owns 16 hospitals, experienced a systemwide outage and was forced to take systems offline. Hospitals affiliated with the group, like Our Lady of Fatima Hospital and Roger Williams Medical Center, had to suspend inpatient and outpatient operations. CharterCare Health Partners, an affiliate of Prospect Medical Holdings based in Rhode Island, had to resort to using paper patient records due to the electronic medical record system being down. Although the systems were eventually restored, the attack caused significant disruption and highlighted the vulnerability of the healthcare sector.
Meanwhile, Progress Software’s MoveIt Transfer product suffered a widespread attack campaign by the Clop ransomware gang, exploiting a zero-day vulnerability. Several public disclosures filed in August revealed the extent of the attacks. Notably, the Colorado Department of Health Care Policy and Financing reported that over 4 million people were affected by the Clop ransomware attack.
According to Flashpoint’s “Cyber Threat Intelligence Index: 2023 Midyear Edition,” there were more than 650 MoveIt Transfer victims as of August 9. This number includes both directly attacked companies and third-party victims with data stored in vulnerable MoveIt Transfer systems.
The recent surge in ransomware attacks targeting the education and healthcare sectors serves as a stark reminder of the growing threat posed by cybercriminals. As these attacks continue to disrupt vital systems and compromise sensitive information, it is imperative for organizations to enhance their cybersecurity measures and remain vigilant in the face of evolving threats.