Cybersecurity

Cyberattack forces shutdown of Baltimore County schools for the day

The Baltimore County Public Schools (BCPS) system was forced to shut down classes on Wednesday after it was hit by a debilitating ransomware attack. 

“Due to issues with our network, all Baltimore County Public Schools and offices will be closed today,” the district tweeted Wednesday morning.

An hour later, BCPS tweeted that “we were the victim of a Ransomeware attack that caused systemic interruption to network information systems. Our BCPS technology team is working to address the situation & we will continue to provide updates as available. For now, please don’t use BCPS device.”

The website for the district, which has over 110,000 students and moved primarily to online classes during the COVID-19 pandemic, was also down Wednesday morning. 

Mychael Dickerson, BCPS chief of staff, tweeted a confirmation of the attack, and Dickerson later told The Hill that the school district was working with federal, state, and local officials to investigate the attack.

District officials said at a Wednesday afternoon press conference that Maryland’s Department of Information Technology and the Maryland Emergency Management Agency were among the organizations assisting. The Hill also reached out to the FBI for comment. 

Baltimore city’s school system, which serves around 83,000 students, also wrote in a notice on its website that students should “only use City-issued laptops or devices” and not personal devices or those issued by Baltimore County Public Schools. 

The city school system noted that students without a device it issued would be granted an excused absence from class on Wednesday. 

Ransomware attacks have become an increasing problem for schools and other critical groups during the pandemic. They involve an attacker gaining access to a system, encrypting it and demanding payment to unlock it. 

School districts in Miami-Dade County, Fla. and in Fairfax County, Va., have been among those hit by cyberattacks in recent months.

The Government Accountability Office (GAO) concluded in a report published last month that the increasing cyberattacks were leaving students “vulnerable to harm” due to the potential negative impact on the security of personal data. 

Capitol Hill has also taken notice of the increasing attacks on school districts, with Reps. Doris Matsui (D-Calif.) and Jim Langevin (D-R.I.) introducing legislation in October that would provide $400 million to help defend K-12 schools against cyberattacks. The legislation has not yet advanced.

-Updated at 3:45 p.m.