Cyber Incident Victim: Morehead State University

Date: Jul 2023

Location: United States of America

Summary

Morehead State University experienced a cyber-attack affecting a limited number of on-campus computers. University officials took systems including internet, websites, and servers offline to prevent further damage. The IT staff worked to resolve the issue, isolating specific computers. No personal data was reported as compromised at that point, and students were advised to keep on-campus computers disconnected from networks while instructors provided alternative assignments.

Description

On or around July 1, 2023, Morehead State University experienced a significant cyber incident that impacted a portion of its technological infrastructure. The university administration, led by President Jay Morgan, took immediate and decisive action to contain the event, which involved proactively taking down internet services, websites, and servers affiliated with the institution. This preventative measure was implemented to limit any potential damage that could spread from the initial point of compromise, demonstrating a cautious approach to safeguarding the broader network environment. The incident was characterized by its effect on a finite number of computers located on the university campus, which were specifically targeted and subsequently affected by the attack. In response to the discovery of the security breach, the university's Information Technology staff initiated a comprehensive effort to address and resolve the technical issues stemming from the event. These IT professionals worked diligently alongside external vendors and partners to diagnose the problem, mitigate the immediate threats, and begin the process of restoring normal operations in a secure and controlled manner.

A critical aspect of the university's containment strategy was the isolation of the specific computers that were confirmed to have been affected by the cyber attack. By disconnecting these compromised machines from the network, the IT team aimed to prevent any lateral movement that could allow the threat to propagate to other systems and devices within the campus infrastructure. This step was crucial for minimizing the overall impact and for protecting the integrity of the university's data assets. At the time of the reporting, university officials were able to state that no personal data had been compromised as a result of the incident. This declaration indicated that, based on their initial investigation, the attack had not successfully exfiltrated sensitive personal information belonging to students, faculty, or staff, which was a positive development amidst the otherwise disruptive event. The university continued to assess the situation to verify this initial finding and to ensure no data loss had occurred.

The cyber incident caused considerable disruption to the normal academic and administrative functions of Morehead State University. With core internet services, websites, and servers deliberately kept offline, the campus community faced challenges in accessing digital resources and conducting university-related business online. To maintain some level of communication, students discovered that they could access their university email accounts through alternative means, such as on their personal smartphones and from off-campus computers that were not connected to the affected university network. This provided a vital channel for receiving updates from the administration and for maintaining contact with instructors during the outage. The university officials actively encouraged all students and personnel to leave any on-campus computers physically disconnected from all university networks. This directive was part of the systematic plan to allow IT staff to work through the technical issues without the risk of reigniting the incident through an accidental connection.

In recognition of the ongoing technical difficulties, the university's administration took steps to mitigate the impact on the academic progress of its students. MSU instructors were formally asked to adapt their teaching plans and to provide students with assignments that did not depend on the use of technology located on campus. This adjustment was necessary to ensure that learning could continue despite the widespread unavailability of online platforms, digital libraries, and computer labs. The request underscored the extensive reliance on technology within modern educational institutions and highlighted the significant academic disruption that can result from a cyber security event. The office of the president committed to providing the university community with more information as it became available, promising ongoing transparency throughout the recovery process. This commitment to communication was essential for keeping students, faculty, and staff informed of the latest developments and the anticipated timeline for a full restoration of services.

The response to the cyber attack showcased a coordinated effort between the university's internal IT department and external cybersecurity vendors. This collaboration was key to addressing the complex technical challenges presented by the incident. The diligent work of these teams focused on identifying the root cause of the breach, eradicating any malicious presence from the network, and fortifying systems against future attacks. The process of systematically working through each technical issue required methodical and careful execution to avoid further complications. The university’s leadership emphasized a methodical and security-first approach to recovery, prioritizing the long-term stability and safety of the IT environment over a rushed return to normal operations. This incident at Morehead State University serves as an example of the type of disruptive events that educational institutions face in the current digital landscape, where cyber threats can directly impact the core mission of teaching and learning. The full scope and specific nature of the attack, including the exact threat vector used by the adversaries, were not detailed in the immediate public statements, as the investigation was likely ongoing and critical facts were still being established by the technical teams involved in the response effort.
