Student Health Records Leaked by Ransomware Attackers

Incident Date:

January 20, 2023

World map



Student Health Records Leaked by Ransomware Attackers






Los Angeles, USA

California, USA

First Reported

January 20, 2023

Health Records Leaked in Los Angeles School District Ransomware Attack

Health records for several thousand current and former Los Angeles school district students leaked publicly following a ransomware attack in 2022. LAUSD had fallen victim to a major ransomware attack claimed by the Russian outfit Vice Society. The district, under the advice of federal authorities assisting in the response, declined to pay the ransom demand and subsequently took another hit when the attackers released sensitive data as part of a double extortion scheme.


Several takeaways from this incident, a key item being that data backups (while important and highly recommended) do not assure resilience in regard to ransomware attacks. Data backups will certainly aid in recovery, but they do not protect against data loss and leakage. Double extortion is an increasingly popular tactic in which the attackers exfiltrate data from the target prior to detonating the ransomware payload and encrypting systems. When the ransom note is delivered, it usually states a ransom payment deadline the victim must meet lest they end up like LAUSD and have their sensitive data leaked.

Another takeaway here is that attackers know that the SOC is typically not fully staffed on weekends and holidays, so this is an optimal time to perpetrate an attack. As well, the light staffing also means that the attack takes longer to detect and it takes longer to assemble the team and initiate incident response - these delays most certainly drive up the overall cost of recovery for victim orgs.

Lastly, criminal ransomware groups continue to target organizations like hospitals and school districts because they lack the appropriate budgets and staff to bolster their cybersecurity and IT capabilities. Even if grant money is available or if technology is donated, there is still a resource gap in trained staff to manage and protect their infrastructure. The students who have had their PII leaked unfortunately will pay the cost well into the future by having their information available to purchase for pennies. Until the profit motive is substantially reduced for successful ransomware attacks this trend will continue. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.