Interruption to Maryland Department of Health Services Persists a Month After Ransomware Attack

Maryland Chief Information Security Officer (CISO) Chip Stewart has given an announcement stating the disruption to Maryland Department of Health (MDH) services because of a ransomware attack.

A data breach was noticed in the first hours of December 4, 2021, and immediate action was undertaken to isolate the breached server and restrict the attack. Stewart stated the Department of Information Technology was able to separate and limit the impacted systems in a few hours, confining the seriousness of the attack. Because of this fast response, proof of the unauthorized access to or stealing of State data has not been determined yet to this phase in the ongoing inquiry as explained by Stewart in a January 12, 2022 announcement.

In accordance with Stewart, there was a distributed-denial-of-service (DDoS) attack attempt soon after the ransomware attack; nonetheless, that attack did not push through. Data accumulated at the time of looking into the ransomware and DDoS attacks reveals they were carried out by other attackers.

Stewart stated he submitted the attack report to the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), set off the state’s cybersecurity insurance plan through the State Treasurer’s Office, and involved third-party forensic specialists to aid in the investigation and response and restoration initiatives.

The reaction to the ransomware attack demanded systems to be taken off the internet, websites on the network were separated from one another, and external access to assets via the internet and by third parties was stopped. The containment process confined the capability of state personnel to work with computers and access shared information and over one month after the ransomware attack a number of services still have an interruption. Though the response and recovery process has led to continuing disruption, Stewart explained this procedure was essential to secure the state’s system and the people of the state of Maryland and was critical to avert reinfection.

Atif Chaudhry, MDH Deputy Secretary for Operations, mentioned the main aim after the attack was to make sure of business and service continuity, which required using the FEMA Incident Command System (ICS). With this ICS system, a Unified Command Structure is created to deal with the incident. This enables MDH and DoIT to work together to deal with and address all incident-related concerns. DoIT offers technical assistance and is leading the network protection and IT system recovery work.

MDH encountered a deficiency of equipment after the attack, which meant workers needed to share PCs in the office. To handle the issue, Chaudhry reported MDH bought 2,400 laptops and an additional 3,000 will be purchased this week. Some other IT equipment including wireless access points and printers were likewise bought to make sure personnel have the equipment required to carry out their tasks. Furthermore, option processes were enforced to make certain staff can deliver the most immediate necessities of the public, such as switching to Google Workspaces. Google Workspaces has given staff a collection of online resources that are untouched by the ransomware attack guaranteeing that workers can team up and save and share vital data.

The attack has created interruption to the state’s outbreak response. On January 12, 2022, MDH claimed it had regained approximately 95% of state-level monitoring information and it is working to bring back the entire COVID-19 dataset. Reports are going to be kept up to date as quickly as possible.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at