According to a report by the Maryland Office of the General Inspector for Education, a cyber attack on Baltimore schools cost nearly $10 million to remedy. The attack, which was launched in 2020, came after Baltimore County Public Schools ignored multiple cybersecurity recommendations issued by the State Legislator.
The schools failed to maintain adequate cybersecurity defenses or to keep their internal network servers secure as instructed. On top of this, they ignored the warnings to reallocate public database servers that were easily accessible to skilled hackers. Similar concerns were pointed out during an extensive 2015 audit.
The attack took down the school’s networks for several days, disrupting remote learning programs and the school’s administrative functions. Systems such as employee payroll and HR were heavily impacted.
The report reveals that the attack was caused by the school’s lead security contractor opening a phishing email on an unsecured network. Initially, a school employee found the phishing email and thought it was suspicious. He forwarded it to the IT department, which then forwarded it to the contractor.
“The OIGE investigation revealed that the contractor mistakenly opened the email with the attachment using their unsecured BCPS email domain account and not in their secured email domain,” reads the report. “Consequently, opening the attachment in the unsecured environment served as the catalyst, which delivered the undetected malware into the BCPS IT network.”
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are participating in an ongoing investigation into the case.
After the hack, Baltimore schools were forced to invest $10 million in repairs and upgrades to their cybersecurity systems. Fortunately, the school had a backup of its information saved in case of emergencies. While the backup was a year old, it at least provided Baltimore schools with a starting point to recover their data.
The school system now uses an advanced network firewall, better anti-malware protection, and cloud-based servers that are no longer easily accessible.