In recent years, there has been an increase in cyberattacks against school districts around the country. In fact, the Multi-State Information Sharing and Analysis Center, a federally funded organization, notes that there has been a 19% increase in ransomware attacks against schools between 2019 and 2020 and expects an 86% increase in 2021. Cyber attackers target a school’s computer system making them inaccessible by infecting the system with ransomware, a form of malware designed to encrypt files, and then they threaten to sell or leak sensitive data if a ransom is not paid. Sometimes, the attackers actually follow through on these threats and leak sensitive information, as was the case with the Manhasset School District this past September.

 Dr. Gaurav Passi, Acting Superintendent of the Manhasset School District, confirmed in an October 8th letter to the Manhasset School Community that “we have discovered ransomware in our system and that the malicious actor … has claimed to have stolen data.”  

In an October 20th update, Dr. Passi informed the community, “the criminals who encrypted the District’s computer systems with ransomware and stole files from our servers had posted the stolen files to the dark web.” 

The attack against the Manhasset School District was one of several that affected area school districts over the last few years including Mineola, Floral Park/Bellrose, and North Shore Hebrew Academy. As recently as December 3rd, the Riverhead Central School District reported a ransomware attack on its computer systems.  This is not just a local problem as similar attacks have affected schools around the country, including Baltimore County, Miami, Toledo, and Huntsville, Alabama.

As these incidents increase, it’s essential that cybersecurity in schools is a priority. “Cybersecurity is important because so many facets of our District’s operations rely on a fully functioning computer network,” Dr. Passi explained. “As we saw during this ransomware incident, securing our computer network is important to maintain District functionality. In addition, school district computer systems house sensitive personal information regarding students, families, and employees. Protecting that information is a priority of school districts.” 

Recognizing the importance of cybersecurity in schools, Congress included funding in the bipartisan infrastructure bill to help schools protect themselves. During a news conference on November 22nd at Manhasset Secondary School, Senate Majority Leader Chuck Schumer announced that the bill authorizes a $1 billion Department of Homeland Security cyber security grant program. Schumer said that a quarter of the funds are dedicated to vulnerable areas like Long Island that have recently seen an increase in ransomware attacks.  The legislation also includes funds to set up a new office to combat cyberattacks.  Funds can be used to repair and upgrade computer software but cannot be used to pay ransoms. 

“Unfortunately, cybercriminals are getting more and more sophisticated,” commented Dr. Passi. “Districts can protect themselves in a number of different ways including deploying anti-malware software, staff, and student training, ensuring that software is up-to-date, and by following the advice of network security professionals.”  The grant money will be essential to helping schools fund these protective measures.  

During the news conference, Schumer also noted that defending against ransomware attacks is very expensive and should not be the burden of taxpayers: “Today we come with news of relief to the tune of $1 billion dollars in federal funds that’s not only needed but long overdue.”  

Dr. Passi echoed this sentiment when asked how schools, specifically Manhasset, would benefit from the proposed infrastructure funding.  “There are a number of benefits that come from an increase in federal funding. The most significant of which is that increased federal funding means that school districts can devote money from their own budgets towards addressing other areas of need.” 

Dr. Passi expressed his gratitude to each member of our school community for their patience and understanding throughout this process, saying that “each step we undertook had been methodical and painstaking as we navigate the complexity of the issues presented by this ransomware attack.”