Student Health Records Leaked by Ransomware Attackers

Date:

February 23, 2023

World map

Health records for several thousand current and former Los Angeles school district students leaked publicly following a ransomware attack in 2022. LAUSD had fallen victim to a major ransomware attack claimed by the Russian outfit Vice Society. The district, under the advice of federal authorities assisting in the response, declined to pay the ransom demand and subsequently took another hit when the attackers released sensitive data as part of a double extortion scheme.

Takeaway: Several takeaways from this incident, a key item being that data backups (while important and highly recommended) do not assure resilience in regard to ransomware attacks. Data backups will certainly aid in recovery, but they do not protect against data loss and leakage. Double extortion is an increasingly popular tactic in which the attackers exfiltrate data from the target prior to detonating the ransomware payload and encrypting systems. When the ransom note is delivered, it usually states a ransom payment deadline the victim must meet lest they end up like LAUSD and have their sensitive data leaked.

Another takeaway here is that attackers know that the SOC is typically not fully staffed on weekends and holidays, so this is an optimal time to perpetrate an attack. As well, the light staffing also means that the attack takes longer to detect and it takes longer to assemble the team and initiate incident response - these delays most certainly drive up the overall cost of recovery for victim orgs.

Lastly, criminal ransomware groups continue to target organizations like hospitals and school districts because they lack the appropriate budgets and staff to bolster their cybersecurity and IT capabilities. Even if grant money is available or if technology is donated, there is still a resource gap in trained staff to manage and protect their infrastructure. The students who have had their PII leaked unfortunately will pay the cost well into the future by having their information available to purchase for pennies. Until the profit motive is substantially reduced for successful ransomware attacks this trend will continue.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.