
Cyberattack on Rochester Public Schools spurs class cancellations


A cyberattack deployed against Rochester Public Schools in Minnesota on April 6 has spurred class cancellations, downed phone systems and caused network disruptions. The school district is made up of approximately three dozen schools.

Unusual activity was detected by the technology staff, prompting the team to shut down the network as a precaution, according to a spokesperson on April 8. The response team is working with an outside cybersecurity firm to address the situation.

Fortunately, the attack struck at the end of spring break and did not result in any class impacts on April 7.

However, the incident was not resolved over the weekend, forcing the cancellation of classes on April 10. The school district has been working on “modifying plans to best serve our students” given the lack of access to the internet and core systems and reduced access to systems used for classes, including Skyward and Google.

A teacher told one local news outlet that the district uses tech for nearly all subjects, with some classes heavily relying on the internet to function. The attack has forced a major shift in how students will be taught.

As such, staff were told to report to school April 10 to work on a plan to create processes able to support a week of classes without technology.

Although classes resumed April 11, officials warned that “student technology devices will not be functional. Please bring a writing utensil and a notebook for your classes.” Access to daily schedules and teacher assignments is also unavailable.

All email systems are down and have been since April 7. Parents were told to contact the schools for urgent matters. However, the latest update on April 10 shows the school district phone systems are only partially restored.

Parents were told that if a call to a desired phone number is “unsuccessful,” they should call three designated phone lines. However, these numbers should only be used in emergency cases.

Further, the IT team created a functional online site for “daily work schedules,” which are updated each morning and emailed to families. All online students were told to “not report in-person but work asynchronously.”

Transportation is expected to operate as scheduled, as well as the cafeteria system. The school district has also resumed adult and community education classes. But online students are being told to come to class in person at designated locations, while evening classes are being “determined on a case-by-case basis.”

“While we will place top priority on being transparent and timely in our communication, we also want to be sure the information we provide is fully accurate,” according to a spokesperson.

The Rochester Public Schools cyberattack bears hallmarks of the Medusa ransomware attack levied against Minneapolis Public Schools last month.

The education sector, much like the healthcare and manufacturing industries, faces a host of resource and staffing gaps that pose serious cybersecurity challenges. These vulnerabilities have made schools a prime target for cybercriminals.

As Seattle Public Schools’ CISO April Mardock previously told SC Media, “Nonprofits really don't have the skillset to do what needs to be done here,” from a cyber perspective. “They don't have the skill sets to properly configure their firewalls, phishing, to set up the machines for reliable updates. And it’s just a few basics.”

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.
