Riverview School District securing devices, network following cyber breach

Riverview School District announced Friday it is regaining use of its computer network after a breach this week, but it is not known whether any sensitive data was accessed.

In an email to families, Superintendent Neil English stated the investigation into Tuesday’s breach is ongoing, and the district’s technology department is working with specialists to rebuild and fortify the network.

“As a result of these efforts, we were able to keep school open, our systems functional, and regain access to staff and student email, files and important technology applications in the classroom,” English said. “At this time, we have no evidence of identity theft or fraud as a result of this event.”

District students still don’t have unlimited access to the internet or Wi-Fi, and they were asked to bring in their school-issued devices Thursday so new software and security updates could be downloaded.

In his correspondence to parents, English said the first priority was to restore communication and educational technology typically used in the classroom. The district slowly rolled out email as well as limited applications and websites for staff to begin to reintegrate into classes, he said.

The district appears to be the latest victim of a growing and costly threat of school computer breaches.

According to the U.S. Government Accountability Office, 647,000 American students were affected by ransomware attacks in 2021, though it’s unclear what type of issue Riverview faces.

Response costs can range from $50,000 to $1 million, including replacement computer hardware and enhanced security protections, the GAO report found. Learning loss can stretch up to three weeks as network disruptions linger, with full recovery taking as long as nine months.

Elementary and secondary schools are the most targeted industry for cyberattacks, edging out construction, government and health care, according to Forbes.com. Cybersecurity firm Emsisoft estimated that 45 school districts were attacked in 2022. That number climbed to 108 last year.

Just last week, the Scranton School District in Lackawanna County was targeted in an online attack. The district posted to Facebook about a ransomware attack that caused outages and disruptions to its system. It has yet to fully recover.

Hackers have become so skilled that frequently stolen data such as Social Security numbers no longer command a lucrative price, according to cybersecurity expert and Oakmont resident Dennis Underwood.

As CEO of Cyber Crucible, Underwood often works with schools to implement his firm’s software. Student data can comprise sensitive information, such as mental and behavioral health records, making schools attractive targets for hackers, he said. They’ll even go as far as calling parents to pressure schools into paying a ransom.

“The real value for these extortionists, it really comes down to forced embarrassment, to force payment to make the problem go away,” Underwood said. “Who Riverview is actually dealing with right now is probably a reseller of a ransomware piece of malware.”

Hanan Hibshi, a professor at Carnegie Mellon University’s Information Networking Institute, doesn’t discount the possibility of a student being behind the incident, perhaps testing their skills by working around a firewall.

“Sometimes, if a student does that, they’re trying to do that for fun or to learn,” Hibshi said, noting schools can even have these students hunt for network vulnerabilities in a controlled environment to strengthen security.

Regardless of the source, Hibshi said, it’s important for entities to have a plan in place for breaches, knowing whom to contact and how to shut down a network until it can be safely reopened.

“When something happens, they can go to the plan until someone jumps in and helps them a bit with the investigation,” Hibshi said.

In Riverview’s case, it’s unknown whether any level of law enforcement has been notified. Oakmont police and Pennsylvania State Police said they’re not part of the investigation. The FBI declined to comment on potential involvement as a matter of policy.

FBI spokesperson Bradford Arick did, however, note that victims of cybercrimes should contact the agency.

Fewer than 10% of cyberattacks get reported to law enforcement, according to Underwood. Even then, reports often are used to search for patterns across attacks, rather than a direct response.

Likely, incident response will come down to a team of private experts, Underwood said. This can put districts in a fiscal bind, forcing them to make cuts or issue bonds to make up the difference. He also noted that it’s not unusual for victimized organizations to limit public information during this time, as Riverview School District has done.

While smaller schools may find it difficult to protect themselves, there are affordable resources available. For example, discounted cybersecurity software is available for Pennsylvania schools to purchase through the Lancaster-Lebanon Intermediate Unit 13.

According to Hibshi, simple steps such as password protection and sharing insights with other districts can go a long way.

“Not every school will have the budget to get the most expensive security consultant service, but they can get an expert here and there who can review their systems and give them the best practice for those systems,” Hibshi said.

Tawnya Panizzi and Jack Troy are TribLive staff writers. Tawnya can be reached at tpanizzi@triblive.com. Troy can be reached at jtroy@triblive.com.