dark reading threat intel and cybersecurity news

A cyberattack affecting the Maryland Department of Health (MDH) has been confirmed a ransomware attack, the departments of Health and Information Technology confirmed this week.

The attack, first described as a “network security incident,” was detected on Dec. 4, 2021. It took the MDH website offline and led to the removal of resources such as the pages people can access to apply for Medicaid or learn more about local nursing home safety. The incident also disrupted the state’s reporting of COVID-19 data.

Maryland CISO Chip Stewart released a statement on Jan. 12 to say that while an investigation is still ongoing, officials can confirm it was a ransomware attack. MDH was able to isolate and contain its systems within hours of first detecting it, he said. At the time of publishing, officials had not identified any evidence of the unauthorized access to, or acquisition of, state government data, he noted.

As part of the containment process, MDH isolated its websites on the network from one another, external parties, the Internet, and other state networks, Stewart said. Due to this approach, some services became unavailable, and some are still offline.

“I want to be clear: this was our decision and a deliberate one, and it was the cautious and responsible thing to do for threat isolation and mitigation,” he wrote in a statement. Often after a security incident, there can be pressure to quickly reconstitute services, Stewart added. “We are recovering with deliberate action to minimize the likelihood of reinfection,” he said.

Read Stewart’s full breach disclosure for more information.