Dive Brief:
- Two community colleges, Lewis and Clark Community College in Illinois and Butler County Community College in Pennsylvania, started the week closed as they recover from separate cyberattacks.
- Lewis and Clark Community College told students via Facebook that all of its campuses will be closed throughout the week to give the school's IT systems time to recover from a "cybersecurity event." The school enrolls about 4,700 students.
- Meanwhile, Butler County Community College canceled remote classes and closed its main campus and other locations Monday and Tuesday while it restores databases, hard drives, servers and other devices affected by a recent ransomware attack, it announced Sunday.
Dive Insight:
The closures illustrate the heightened risk of cyberattacks faced by colleges, which house reams of sensitive employee and student data. Attacks bring financial and operational risks, as schools often have to cancel classes as they recover their systems and restore security.
A Lewis and Clark representative told Higher Ed Dive via Facebook that the school had limited information to share Monday. In online posts, the school told employees and students to remain off campus until further notice.
"Out of an abundance of caution, all Lewis and Clark systems will remain offline as we continue to investigate the cybersecurity event and work to recover all critical systems," the school said in a Facebook post on Sunday. "We appreciate everyone's patience as crews continue to work around the clock to restore and monitor the safety of all systems before we bring services back online."
Butler County Community College's IT division noticed widespread difficulties last week, according to a school announcement. Officials believe the attack originated Nov. 19, and the IT division notified the campus community on that date that it needed to perform maintenance on some of the college's servers.
The college, which enrolls roughly 3,000 students, is working with a regional cybersecurity firm to restore information.
James Hrabosky, the school's VP for administration and finance, did not immediately respond to Higher Ed Dive's request for comment Monday. But Hrabosky said in an announcement Sunday that the college's IT staff "worked extensively over the holiday break to address the issue."
These events are becoming more common. Earlier this year, the FBI warned education institutions about a rise in ransomware. And in 2020, colleges and universities were the victims of at least a dozen ransomware attacks, according to an Emsisoft analysis.
Ransomware attacks can be costly for colleges. In one recent case, the University of California San Francisco paid hackers $1.1 million to regain control of some of its hijacked servers. Although federal authorities advise against paying ransoms, the amount the university paid is likely much lower than what it would have spent recovering its data.