San Diego Unified students’ medical data was compromised in fall cybersecurity breach, school district says

An October data breach of the San Diego Unified School District’s network involved students’ medical information, the district told families in a letter this month.

Dennis Monahan, executive director of risk services for the district, said an investigation of the breach showed that the names and medical information of students were compromised.

Staff and students were issued new passwords.

San Diego Unified officials first notified families of the incident in early December, saying a third party had accessed some of its systems Oct. 25.

District officials said staff quickly secured the network, launched an investigation and notified law enforcement. No safety or emergency mechanisms were affected, the district said.

Monahan said officials have implemented additional security measures to enhance network protocols.

District spokeswoman Maureen Magee said the investigation is continuing and that the district is working to notify those affected as it identifies them.

The district did not respond to questions about how many students had been affected, whether staff data also may have been compromised and how the security measures have been enhanced.

The breach was neither the first nor the last at California schools in recent months.

A ransomware attack targeting the Los Angeles Unified School District in September prompted an unprecedented shutdown of its computer systems. The district required its 540,000 students and 70,000 employees to change their passwords after the attack.

And in February, a cybersecurity incident caused a massive systems outage in the Sweetwater Union High School District in San Diego County. The district said at the time that no students’ data appeared to have been compromised, but it was still investigating whether staff data may have been.