NMHU nears a week of canceled classes because of ransomware attack
- Oops!Something went wrong.Please try again later.
- Oops!Something went wrong.Please try again later.
Apr. 8—A ransomware attack that has affecting New Mexico Highlands University for nearly a week so far has caused officials to cancel classes through Tuesday.
It's the latest in a string of cyberattacks targeting state entities.
New Mexico Highland's Information Technology Services department identified a technology issue on April 3, verifying a few days later that the network issue stemmed from a ransomware attack.
The hack caused the Las Vegas, New Mexico, university to cancel all classes from Wednesday afternoon, through Tuesday, as of Monday afternoon.
The attack was identified on the server that operates the college's internal portal for staff, students and faculty, university spokesperson David Lepre said, which is necessary in order to conduct classes.
Lepre said a majority of the campus also accesses payroll through the college's network, so New Mexico Highlands set up a help center for people to log their time via phone instead. The university is working to make sure employees and student employees get paid on time, according to an online page with updates on the cyberattack.
New Mexico Highlands is still investigating the ransomware attack and then can start mitigation work once officials know the full extent of the hack, Lepre said.
He said the university has been working with the state's Department of Information Technology and the Higher Education Department to resolve the issue.
"We're just working as fast as we can to restore service as soon as possible to the campus community," he said.
There should be another update from the university on the status of the attack Tuesday afternoon, Lepre said.
He said that according to New Mexico Highlands University's vendors, which specialize in cybersecurity and mitigation, the school isn't the first state entity to be attacked by this specific group. He said he personally didn't have the name of the entity and it wouldn't be in the public interest to publicize it anyway.
Last week, Gov. Michelle Lujan Grisham issued an executive order focused on enhancing cybersecurity protection among state agencies. She wrote in the order that "a surge in cybersecurity breaches and hacks poses a severe threat to the integrity of sensitive information held by state agencies."
The order directs the state's IT department to conduct IT and security assessments on state agencies. By Nov. 1, state agencies have to comply with specific security protocols from the National Institute of Standards and Technology.
In the order, Lujan Grisham encouraged public bodies that weren't required to follow the cybersecurity rules to do so anyway.
"Cybersecurity is not just a technological issue; it's a matter of public safety and national security," Lujan Grisham said in a statement. "That's why I've taken decisive action to fortify the resilience of our state agencies against potential cyber intrusions."
A cybersecurity measure was one of the few bills that got through lawmakers in the most recent Legislature but not the governor. It was one of two pocket-vetoed bills.
Sen. Michael Padilla, D-Albuquerque, previously told the Journal if he's reelected, he plans to introduce a larger, more comprehensive IT package next year that would include the 2024 session bill, which he believed needed more work.
