Hundreds of students’ mental health records were posted to a “dark web” site following a ransomware attack of the second largest school district in the country, according to The 74 Million.
Los Angeles Unified School District’s students’ psychological evaluations were published to a “dark web” site by Vice Society, a Russian ransomware gang, following a ransomware attack that occurred in 2022, according to and investigation by The 74. The school district has not notified families that their student’s records, which detail families immigration status, potential child abuse and sexual misconduct allegations involving students, have been leaked. (RELATED: California School District Celebrates ‘Day Of Reading’ By Affirming ‘Transgender And Non-Binary Youth’)
“It’s deeply disturbing that an organization that you’ve entrusted with such sensitive information is either significantly delaying — or even hiding — the fact that individuals had very sensitive information exposed,” Doug Levin, national director of the K12 Security Information exchange, told the outlet.
In September 2022, the school district was hit with a ransomware attack which resulted in thousands of files being stolen, according to The Wall Street Journal. The district did not comply with any Vice Society demands made during the attack and continued school as normal.
Records made public by the hackers include notes on students with disabilities including that a student is in foster care “due to domestic violence in the home” and that another is “easily angered when he does not get his way,” The 74 reported. Other records reveal that a student wants to “become a police officer so that he can ‘arrest people because they do drugs'” and that one student had “been hitting other children or adults in a school environment.”
The school district is working to decide if the records made public are considered “medical information” and require families to be notified under law, according to The 74. While some student’s health records are covered under HIPAA, psychological evaluations are not, which could result in a Family Educational Rights and Privacy Act violation.
Students from Olive Vista Middle School return to campus on the first day back amid a dramatic surge in Covid-19 cases across Los Angeles County on January 11, 2022 in Sylmar, California. (Photo by FREDERIC J. BROWN/AFP via Getty Images)
Parents are concerned that the data breach could take funds away from school’s special education programs in order to handle legal matters, Ariel Harman-Holmes, a Los Angeles Unified School District parent of three disabled children, told The 74.
“I would rather have those funds go back into the schools and special education rather than spending a ton on litigation or settlements about privacy issues,” Harman-Holmes said.
The Los Angeles Unified School District did not immediately respond to the Daily Caller News Foundation’s request for comment.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.