MD Department of Health Systems Down 1 Month After Ransomware Attack

January 13, 2022 - The Maryland Department of Health (MDH) is still trying to recover from a December 4 cyberattack that disabled multiple network infrastructure systems. The cyberattack has impacted state health workers’ ability to access shared drives, gather COVID-19 data, and use computers and other resources, The Washington Post reported. Officials confirmed on January 12 that the incident was the result of a ransomware attack. 

The AFSCME Maryland Council 3 union has expressed frustrations over the health department’s handling of the situation and severe lack of communication.

“They have very limited resources in terms of computers, et cetera, so people are having to share computers at work,” Patrick Moran, president of AFSCME Maryland Council 3, told The Washington Post in an article published on January 8.

“Some people aren't able to access anything just because there's just not enough equipment.”

Moran said that the system downtime has impacted pandemic response, caring for patients in state mental hospitals, providing Medicaid benefits, and licensing healthcare workers.

“No one has received communication as to when things will be restored, and people are preparing to operate this way for several months,” Moran continued. “None of our members have been told anything.”

The health department’s website states that approximately 95 percent of state-level COVID-19 surveillance data has been restored, but the department is still working to reinstate the full COVID-19 dataset.

Meanwhile, organizations that process RN licensing and other vital services have been left in the dark as to when their systems will be fully operational again. Many state workers still do not have access to their work computers and have resorted to using their personal computers, Maryland Matters reported. 

Following these grievances, on January 12, the Maryland Departments of Health and Information Technology provided a long-awaited update, confirming that the network security incident was the result of a ransomware attack. 

"At this time, we cannot speak to the motive or motives of the threat actor," Chip Stewart, Maryland chief information security officer explained in the statement.

"That said, both law enforcement and cybersecurity authorities have observed that health and hospital systems are increasingly being targeted by malicious actors during the pandemic."

Stewart explained that MDH was able to isolate and contain its systems within hours of the attack. 

"At my direction and in accordance with our standard procedures for incident response, MDH took immediate containment action by isolating their sites on the network from one another, external parties, the Internet, and other State networks," Stewart continued.

"As a result of this containment approach, some services were rendered unavailable and some remain offline today. I want to be clear: this was our decision and a deliberate one, and it was the cautious and responsible thing to do for threat isolation and mitigation."

Atif Chaudhry, MDH deputy secretary, emphasized in the announcement that MDH is focused on business continuity. Chaudhry said MDH ordered 2,400 laptops and will order 3,000 more this week. MDH also ordered printers and wireless access points to ensure that employees have what they need to do their jobs. 

On the afternoon of January 13, the state lawmakers will gather for a hearing to gather more information about the nature of the attack and recovery timeline. Aside from portions that will be held in a closed session to protect the integrity of the ongoing investigation, the hearing will be open to the public.

There is currently no evidence that any data was compromised as a result of the breach, but the investigation is still ongoing.