Directors unanimously agreed to hire Digital Forensic Solutions to conduct an audit and vulnerability assessment of the district's technology infrastructure at a cost not to exceed $15,250.
"We felt it would be important to audit us and give us some guidance as to if we're doing things enough or not enough, or if there are other hacks or things we can do to mitigate that happening to us," said board member Jeanne Smith.
The company will look at the district's technology infrastructure and recommend any necessary changes to make it more secure, Smith said. District officials previously added safety measures such as two-step verification to help secure the network.
Hempfield's vote came days after Butler County Community College closed in response to a ransomware attack on its computer systems. The school closed for two days, giving officials time to restore databases, servers, hard drives and other devices. A regional cybersecurity firm worked to restore information lost in the breach.
Area school districts have been disrupted by cyber attacks over the years.
A former Franklin Regional student in 2016 was charged after police say she launched a series of cyber attacks against more than a dozen local school districts, the Catholic Diocese of Greensburg and Westmoreland County government. In 2020, she was sentenced to serve two years on probation, a term that also required her to complete two months of house arrest.
Kiski Area School District in 2017 was the victim of an attack that resulted in administrators purchasing additional protection software for almost $29,000.
This year, companies were a major target for cyber attacks. In May, an attack forced the shutdown of a pipeline carrying gasoline and other fuel from Texas to the northeast.
JBS, the world's largest meat supplier, in June said its systems were coming back online after a cyber attack shut down U.S. and Australian operations.
Several other companies also were subject to cyber attacks this year including Brenntag, a chemical distribution company; computer manufacturers Acer and Quanta; the NBA's Houston Rockets; the European insurance company AXA; insurance company CNA; and Kaseya, a company managing IT infrastructure.
Between January and July 31, the FBI received 2,084 ransomware complaints resulting in more than $16.8 million in losses, an August report from the U.S. Cybersecurity and Infrastructure Security Agency found. That's a 20 percent increase in reported losses compared to the same period in 2020.
"We certainly don't want to have our students' or our parents' information stolen and held hostage and cost the district money," Smith said.
Hempfield's audit will begin when students leave for Christmas break, said Superintendent Tammy Wolicki.
"We're taking every possible measure to protect our technology," Wolicki said.
©2021 The Tribune-Review (Greensburg, Pa.). Distributed by Tribune Content Agency, LLC.
