Maryland Dept. of Well being Responds to Ransomware Assault

A cyberattack affecting the Maryland Division of Well being (MDH) has been confirmed a ransomware assault, the departments of Well being and Info Expertise confirmed this week.

The assault, first described as a “community safety incident,” was detected on Dec. 4, 2021. It took the MDH web site offline and led to the removing of sources such because the pages folks can entry to use for Medicaid or study extra about native nursing dwelling security. The incident additionally disrupted the state’s reporting of COVID-19 knowledge.

Maryland CISO Chip Stewart launched a press release on Jan. 12 to say that whereas an investigation remains to be ongoing, officers can affirm it was a ransomware assault. MDH was capable of isolate and include its techniques inside hours of first detecting it, he mentioned. On the time of publishing, officers had not recognized any proof of the unauthorized entry to, or acquisition of, state authorities knowledge, he famous.

As a part of the containment course of, MDH remoted its web sites on the community from each other, exterior events, the Web, and different state networks, Stewart mentioned. As a consequence of this strategy, some companies grew to become unavailable, and a few are nonetheless offline.

“I need to be clear: this was our choice and a deliberate one, and it was the cautious and accountable factor to do for menace isolation and mitigation,” he wrote in a press release. Usually after a safety incident, there will be strain to rapidly reconstitute companies, Stewart added. “We’re recovering with deliberate motion to reduce the chance of reinfection,” he mentioned.

Learn Stewart’s full breach disclosure for extra info.

Leave A Reply

Your email address will not be published.