Report: Baltimore school system lacked defenses prior to 2020 cyberattack

Batimore County Public Schools was reported by the Maryland Office of the Inspector General for Education to have failed to strengthen its security processes and implement years-long IT recommendations before being impacted by a ransomware attack in November 2020, which resulted in $9.7 million in recovery and upgrade costs, according to StateScoop. Several data and network vulnerability recommendations in Maryland Office of Legislative Audits reports since 2008 have been disregarded by Baltimore County schools, whose last audit prior to the Nov. 24, 2020, ransomware attack revealed publicly accessible database servers, the report showed. Baltimore County schools also had its network compromised by the attack after a lacking response to a malicious email attachment received by a school employee. However, the school district did immediately respond to the incident upon the discovery of encrypted data, as well as made significant strides in bolstering its security over the past two years, including the use of an encrypted cloud environment for all its databases and widespread multi-factor authentication implementation.