Case Studies

Cyber Incident Response Case: Higher Education, FERPA

key takeaways

Primary Item (H2)Sub Item 1 (H3)Sub Item 2 (H4)
Sub Item 3 (H5)
Sub Item 4 (H6)

CLIENT’S CHALLENGE

A college with an enrollment of approximately 1,000 students was one of many higher education institutions hit with ransomware in 2022. While the school was not explicitly required to notify students and parents of the breach under FERPA, the U.S. Department of Education suggests notification as a best practice. And under some state laws, notification may be required. The challenge is that each state and has differing breach notification triggers. And FERPA has been amended and interpreted numerous times, making it difficult to determine what information is protected as part of an education record. Additionally, there were international notification requirements that had to be taken into account due to the enrollment of international students.

CYTREX CYBERS’ APPROACH

From the outset, we expected the density of the PII and PHI within the dataset to be highly reportable, and we weren't wrong. By talking with the client about our expectations and providing them with a dashboard within the first 24 hours of the dataset's contents, we quickly knew the exact data we were looking for and removed 78% of the dataset from downstream activities before we ever started. While we could reduce the size of the dataset, we still had to contend with the voluminous amount of reportable PII and PHI that spanned a ten-year timeframe. Ultimately, the entity list was four times larger than the client expected. Still, by using unique identifiers, we delivered a highly accurate entity list within our originally stated timeline and budget.

WHY CYTREX CYBER?

“You guys are the best at meeting the client where they are. And your style of communication works well for me.”

Get breach assistance now.

After a cyber breach, you need a team ready to hit the ground running. We’re here for you 24/7/365. That’s our promise.

Our incident response project managers, data analytics experts, and review specialists are seasoned professionals who understand the magnitude of the situation your company is facing and the related expenses.We are here to ensure timely, accurate notification of affected parties.

[email protected]

+1 877-998-0949

Services

Breach Review, Extraction, and Notification

Data Mining

Incident Response Project Management

Resources

Our Blog

About Us

Discover CyTrex

Get Started Now

CyTrex Cyber helps entities that need assistance managing a cybersecurity incident or that want to learn more about cyber breach management. Insurance carriers, law firms, businesses, government agencies, and educational institutions depend on us for cyber incident response support.