Update on the Network Security Incident That Prevented the Maryland Department of Health COVID-19 Portal From Being Updated in December

by Patrick Herron

The Maryland Department of Health has posted an update regarding the “network security incident” that caused its website to be offline several weeks last December, confirming that the incident was the result of a ransomware attack.

During that time the MDH was not able to update its COVID-19 portal with daily case rates, testing, and deaths.

Per the Maryland Department of Health:

A recent network security incident caused disruption to some of the Maryland Department of Health (MDH) operations.

The purpose of this page is to keep Marylanders informed on the progress we are making in our response to the incident. In addition, follow @MDHealthDept on Twitter for real-time updates and information.

Incident response and timeline

MDH experienced a service disruption on Dec. 4 as a result of a network security incident. While the investigation is ongoing—and is occurring on a parallel track to our restoration efforts—MDH can confirm that the incident was the result of a ransomware attack.

On Dec. 4, MDH detected unauthorized activity involving multiple network infrastructure systems. Immediate countermeasures were implemented to contain the incident, and servers were taken offline to protect the network. ​

The state’s chief information security officer stood up an incident command structure with a focus on protecting the MDH network, conducting a forensic investigation, and restoring core services.

Because of the state’s aggressive cybersecurity strategy, and the use of MD THINK and other cloud-based services, many of the department’s core functions were not affected. There continues to be no evidence that any data were compromised.

To prevent additional damage, we continue to be methodical and deliberate in restoring network systems while prioritizing health and human safety functions

We remain actively engaged with both state and federal law enforcement partners as part of an ongoing criminal investigation.

02.04.22 Incident SitRep Update

01.13.2022 DoIT MDH Remarks EHEA HGO Network Incident Briefing​​

View MDH Employee Network Security Incident FAQ

View Jan. 12 MDH and DoIT network security incident statements


You may also like

Leave a Comment


This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy