Minnesota schools must report cybersecurity incidents under new law

Anna Merod reports:

Dive Brief:

Minnesota public school districts, charter schools and colleges must now report cybersecurity incidents such as ransomware or network attacks under a newly enacted state law.

The information that schools report to Minnesota will not be shared publicly, unlike with similar statewide data breach reporting requirements in California and Maine.

Instead, the information will be anonymized and shared with “appropriate organizations” — with the goal of helping officials understand how security controls are bypassed and providing support for network protection.

Read more at K-12 Dive.

How about requiring school districts to notify employees and parents of students whose information has been accessed or acquired?

ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted
Attorney General James Announces Settlement with Wojeski & Company Accounting Firm
JFL Lost Up to $800,000 Weekly After Cyberattack, CEO Says No Patient or Staff Data Was Compromised

Related: