Official: School systems at risk
After ransomware hack, Broward could spend $20M to protect itself
A ransomware attack by hackers demanding $40 million could lead the Broward School District to spend more than $20 million to help protect itself from cyber threats.
Phil Dunn, the district’s chief information officer, made dire predictions to the Broward School Board this week, saying employees may not get paid or schools may temporarily shut down if the district doesn’t get more protection. His request included money for extra staff, technology upgrades and security cameras.
“This organization is attacked by malware easily several thousand times a year” including
unsuccessful attempts, Dunn told the School Board on Tuesday. “When one of these attempts gets through, at best it’s highly disruptive. At worst, it completely stops everything.”
When School Board member Donna Korn questioned the spending, Dunn said, “There is a material high risk that if you do not address this issues, we have a high risk of missing payroll,.”
He warned the board that Buffalo Public Schools had a cyber attack last month that shut down classes, both online and in person for a week.
Broward was the site of an attack as well, but Dunn did not specifically address it with the board. On March 7, student information systems as well as other databases were down for several days due to the ransomware attack. Remote classes were briefly disrupted as well.
A transcript released by the hackers suggested that an unknown person representing the district offered $500,000 on March 27 to unlock the data. The hackers, who first demanded $40 million, would agree to no less than $10 million, the transcript showed.
Chief Communica- tions Officer Kathy Koch’s office said March 31, and again Thursday, that the district has no intent of paying ransom. The office wouldn’t comment about the $500,000 offer.
Statements from Koch’s office said the district does not believe student or employee data was breached, but the office won’t say what information may have been.
The district said it is working with cybersecurity experts and federal law enforcement.
Dunn is asking for $20.3 million for the next year, with about $17.5 million recurring annually. He said the school district’s technology budget, $76 million, has been cut about 20% during the past three years. At the same time, usage has quadruple due to remote learning during the pandemic. He said the district used to have one computer for every four students and now the ratio is1to1.
“We’ve been so cautious about spending money that we’ve failed to do the right thing,” board member Ann Murray said.
Dunn identified about $10 million in emergency needs, which are “things that have an extremely high risk, a near certainty of creating a systemwide disruption if not done.”
These include staff and equipment to update the district’s firewalls and replace vulnerable 20-yearold student information systems, as well as install cameras to reduce the risk of equipment theft at schools.
School Board members plan to discuss the proposals more in the coming months as they plan for the budget for the new school year.