A recent ransomware attack disrupted Maryland Department of Health (MDH) operations.
MDH says it detected unauthorized access to multiple network infrastructure systems on December 4, 2021, and implemented several countermeasures to contain the incident, including taking servers offline to protect the network. The state’s chief information security officer stood up an incident command structure with a focus on protecting the MDH network, conducting a forensic investigation, and restoring core services, MDH says.
“Because of the state’s aggressive cybersecurity strategy, and the use of MD THINK and other cloud-based services, many of the department’s core functions were not affected. There continues to be no evidence that any data were compromised,” an update says.
MDH continues to be “methodical and deliberate in restoring network systems while prioritizing health and human safety functions,” and remains actively engaged with both state and federal law enforcement partners as part of an ongoing criminal investigation.
Egress VP of Threat Intelligence, Jack Chapman, says, “State and local governments are facing a tidal wave of ransomware. Just last week, we saw threat actors target Bernalillo County, New Mexico, and now Maryland’s Department of Health has confirmed that it was targeted by ransomware last month. State government and healthcare organizations remain two of the most attractive targets for ransomware gangs and their affiliates — and to their eyes, the Department of Health is the best of both worlds! Hackers perceive these organizations to be more likely to pay a ransom to restore critical services for their citizens. Threat actors also know that during a pandemic, where resources are already under immense pressure, targeting healthcare organizations can maximize the chances of a ransom being paid. While it’s unclear what data the attackers have access to, we would advise the Department of Health and citizens to remain vigilant for follow-up attacks, including phishing, which could inflict further damage long after the initial attack is resolved.”