Critical services disrupted right before back-to-school season in (OSBA) Ohio School Board Association Ransomware Attack
The Ohio School Boards Association (OSBA), which represents over 700 school boards across Ohio, has fallen victim to a ransomware attack. The cyber attack was discovered on Thursday, severely impacting the organization’s operations just before the beginning of the new school year.
According to a letter sent to members by Kathy McFarland, CEO of OSBA, the ransomware attack was noticed on the association’s online infrastructure on Thursday. As a precautionary measure, OSBA immediately severed its connection to the internet to prevent the ransomware from spreading.
“The network breach quickly affected our normal operations,” said McFarland. Services offered by OSBA such as board and leadership training, legal and policy support, and advocacy have been limited due to the cyber incident.
In an interview with The Columbus Dispatch, McFarland emphasized the importance of OSBA’s role in supporting school districts, especially during a critical back-to-school period. “Our job is to make sure that they have what they need,” she said. “This attack shut that down, we’re unable to do what we need to do.”
As of Friday, OSBA emails and website remained inaccessible. McFarland noted in her letter that the organization does not typically store sensitive personal data like social security numbers or financial information. However, the scope of the ransomware attack is still under investigation.
OSBA has retained outside cybersecurity counsel and forensic IT specialists to look into the cause of the ransomware incident and assist with recovery efforts. However, McFarland told The Dispatch it remains unclear what specifically triggered the ransomware attack.
The ransomware attack on OSBA comes amid a rise in cyber attacks on Ohio organizations. Just last month, the city of Columbus was also hit by a ransomware incident that temporarily disrupted services like email and 911 dispatching. Cybercriminals later attempted to auction off stolen city data on the dark web after the city refused to pay a $1.7 million ransom demand.
This ransomware attack on the OSBA highlights the growing cyber security risks faced by all types of organizations, even those supporting important services for our communities like school districts. It remains critical for all sectors to strengthen defenses against these evolving ransomware threats.