Nantucket Public Schools fell victim to a ransomware attack at the end of January, which forced the early dismissal and subsequent cancellation of the next school day at their four public schools.
"Earlier this morning, we discovered that Nantucket Public Schools computer systems were compromised by Ransomware," wrote Superintendent Elizabeth Hallett in a statement to the community. "All student and staff devices have been shut down, and our safety and security systems, including phones and security cameras, are also disabled."
The school district warned parents and students not to use school-issued devices at home, "until further notice, as it could compromise home networks," they wrote.
"A continuing drumbeat of cyber intrusions is threatening the nation’s ability to educate our children while also placing personal information and school data at risk," wrote the Cybersecurity and Infrastructure Security Agency (CISA) in their "K-12 Protecting Our Future Report", released at the end of January.
The report and supplemental toolkit include a framework of recommendations that, as they note, must be taken into consideration at the administrative level, not just the IT level. That doesn't just stop at education, however. IT cybersecurity in 2023 needs to be a discussion at the top levels of every organization, not just public education.