Dear HSHMC Families,

Health Sciences High and Middle College uses an online learning platform called Canvas. Instructure, the parent company of Canvas, suffered a nationwide data breach that may have exposed personal information of students and educators. At this time there is no indication that passwords, dates of birth, or government identifying information were part of the data breach. The reports from Canvas made clear that there was no additional action the school could have taken to prevent the breach. The investigation is ongoing and if further details are made available the school will communicate accordingly.

Instructure’s Chief Executive Officer Steve Daly wrote: “On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. We detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, we revoked additional suspicious access and addressed the underlying vulnerability. We have found no indicators of an ongoing threat.”

Despite the assurances from Instructure that the incident has been contained, we wanted to make you aware that this breach has provided unauthorized access information to some to Health Sciences High and College Families. Instructure is working with urgency to complete their investigation and evaluating additional security measures.

We take your safety and security very seriously. At the school,

• We will continue to take all the steps possible to further secure and protect your private information and prevent further unauthorized access or misuse.

• We will continue to provide you with any information or updates or recommendations that we receive from Instructure that may affect your personal information.

This incident is yet another reminder of the importance of cybersecurity to safeguard against scams. Always be aware of requests for information or unsolicited offers for products or services you receive from unknown sources. Be suspicious of any email that asks you to act, click a link, or divulge information immediately to claim a reward or avoid penalty. Always be aware of any emails that request sensitive information. Scammers often make offers that are too good to be true or try to scare you into taking action that divulges personal information.

Protecting our students is something we take seriously. With Instructure’s help, more information and resources will be provided to you as they become available. Thank you for your patience and understanding.