Rebuilding after ransomware: Heartland Community College invests $1 million

The new investment follows a ransomware attack last October, but college leaders said the upgrades were a long time coming.
computers illustration
(Getty Images)

Following a ransomware attack last October that disrupted the operations of Illinois’ Heartland Community College, leaders approved a budget this month designed to rebuild defenses, but also to position systems to quickly adjust to future threats.

“We were looking at our back-end data management,” said Steve Fast, public information director of the central Illinois college. “When we had to take everything down and revert to backups, the thought was, do you want to put it back the way it was before or do you want to accelerate some of these projects?”

The ransomware attack at Heartland, as well as a general spike in cyberattacks on higher education, sparked a $1 million investment in cybersecurity in its budget this year. Fast said improvements to the community college’s cybersecurity were already outlined in its 10-year plan and the money to fund this year’s changes came from years of budget planning.

“The risk isn’t lessening — it’s going to increase,” Fast told EdScoop. “We had to accelerate some of the plans that we had as follow-up to the disruption to update or replace a number of our systems as we changed the way that we did things and when we got back online from the disruption. But that was all tied into what we had planned in the long term. As the methods and systems themselves remain evolving, we have to implement solutions that will allow us to not only build what we’ve already done but to make adjustments as conditions might change.”


The college’s systems were operating again a week after the attack, but college Chief Information Officer Scott Bross reportedly this month told trustees that some systems are still being restored. This was after the university said it reached out to more than 1,600 people to notify them that their data had been compromised by the attack.

Some of the improvements planned include multi-factor authentication, secure messaging, virtual desktop infrastructure and increased monitoring for phishing attempts.

“We have regular cybersecurity training every year. But sometimes those things can be pretty sophisticated, so we incorporated a different email filtering platform to assist with that,” he said.

Fast declined to comment on which measures were already in place and which were still to be implemented, which he said is “per best security practices.”

Cyberattacks are on the rise in higher education. California’s Sierra College last month experienced a systems outage due to ransomware activity. Iowa’s Des Moines Area Community College could not hold classes for more than a week because of an attack eventually identified as ransomware in June. And University of Massachusetts Lowell canceled classes because of a possible cyberattack this month.


According to a recent report by the cybersecurity company SonicWall, COVID-themed malware attacks spiked for the education industry in early fall as students returned to school. In terms of malware attempts per customer, education was the most-affected industry in the period from August 2020 through end of the year, according to SonicWall. The company’s researchers also found a 4% increase in encrypted attacks — attacks sent via the HTTPS protocol — across industries, while they increased 292% year-over-year in education, only second to the health care sector, where encrypted attacks rose 351%.

Latest Podcasts