Patrick Henry Board reviews new cybersecurity requirements | News
Patrick Henry Board reviews new cybersecurity requirements | News
https://www.northwestsignal.net/news/article_1d8f5f67-b115-4d4f-a2ee-2ce6062298bb.html
Publish Date: 2026-02-24 00:00:00
Source Domain: www.northwestsignal.net
Using an unordered list, summarize the following article with between 4 and 8 key points.
HAMLER — The Patrick Henry Board of Education met Monday with the evening’s primary presentation coming from Technology Director Dustin Ruffell, who addressed the board regarding Ohio House Bill 96 and the district’s required adoption of a formal cybersecurity program.Ruffell explained that House Bill 96, passed last year, establishes three requirements for political subdivisions audited by the state, including school districts. The first requires each entity to implement a basic cybersecurity program. The details of which were later shared with the board during executive session to better safeguard any potential exploits.The second mandates reporting any cyber incidents to the Ohio Cyber Integration Center and the Auditor of State. According to Ruffell, none have occurred within the school district since this requirement came into effect.The third requires a governing board, such as a school board, to pass a resolution before paying any ransom demand in the event of a cyberattack. The state also recommends against paying any such potential ransom demand. The district has not faced such a choice.Ruffell said the district’s immediate focus is on the first requirement, formally adopting a cybersecurity program. The compliance deadline is July 1 for school districts.According to Ruffell, the required program must identify critical functions and risks, assess the potential impact of breaches, implement threat detection mechanisms, establish incident response procedures, plan for recovery and continuity of operations, and define employee training requirements.Specific technical details of the cybersecurity plan will not be made public in order to avoid providing useful information to potential attackers.Ruffell said the district has been proactively strengthening its cybersecurity posture for more than three years. Efforts have included multi-factor authentication, student data privacy safeguards, vulnerability management, endpoint security controls, disaster recovery planning and staff training.He has also participated in state-led cybersecurity training and webinars and recently completed certification work to evaluate the district’s compliance with nationally recognized cybersecurity standards.When asked about his biggest concern, Ruffell responded that having the cyber security program, “Not fully implemented,” remains his primary concern.
