IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Md. Officials: No Data Compromised in Health Dept. Site Hack

Last weekend, the Maryland Department of Health took its website offline after cyber criminals attacked the site. The site has been restored since, and officials say no data was stolen.

Maryland health department - use once only
The exterior of the State of Maryland Laboratories Administration Department of Health and Mental Hygiene building.
Meredith Cohn/Baltimore Sun
(TNS) — The Maryland Department of Health said Monday that there was “no evidence” any of its data had been compromised after a cyber attack forced the agency to take its website offline over the weekend.

“There is no evidence at this time that any data have been compromised,” department spokesman Andy Owen said in a Monday afternoon email.

“As part of the ongoing investigation into the network security incident that occurred, the Maryland Department of Health’s servers will remain offline out of an abundance of caution,” Owen said. “Data updates will resume as soon as possible.”

The attack, first reported Sunday, has halted the department’s reporting of Maryland’s COVID-19 statistics for two days, including new cases, deaths and hospitalizations from the virus.

In addition to leading the state’s response to the pandemic, the department also oversees programs and agencies unrelated to the coronavirus pandemic, including the Developmental Disabilities Administration, the Behavioral Health Administration and the Maryland Medicaid Administration, and logs cases of communicable diseases such as tuberculosis, syphilis and HIV/AIDS.

It remains unclear what health department systems may have been impacted by the attack.

The state health department announced in a tweet Monday night that the website had been restored and was back online as of 8 p.m.

Gov. Larry Hogan authorized the state to launch an “aggressive” response to counteract the incident, his spokesman, Mike Ricci, said earlier Monday. Legislative leaders will be briefed Tuesday, he added.

“There will be further updates as the incident response unfolds,” Ricci said in an email.

On Sunday, Owen said the health department, Maryland Department of Information Technology and Maryland Department of Emergency Management “are working closely with federal and state law enforcement partners to address the incident and to gather additional information.”

Joy Jiras, spokeswoman for the Federal Bureau of Investigation’s Baltimore field office said that office was aware of the cyber attack and communicating with the state health department about next steps.

Cybersecurity breaches and ransomware incidents have crippled state and local agencies and businesses in recent years, as more entities store information and data on computers and provide services online.

Attacks on Baltimore City government agencies, Baltimore County schools and the Greater Baltimore Medical Center disrupted critical functions and rendered some services unusable — delaying the collection of bills, canceling online classes, killing phone lines and delaying medical procedures, for example. Another data breach at the University of Maryland, Baltimore led to some students’ private information becoming public on the web earlier this year.

Health and government institutions are attractive targets for hackers, according to cybersecurity and information systems experts, since they often handle classified records and large transactions. Breaching those systems can have dire consequences but can be lucrative for the hackers.

The attacks have brought powerful entities “to their knees,” said Michael Greenberger, founder and director of the University of Maryland Center for Health and Homeland Security. Every state is vulnerable, he said, and as time passes, the attacks become more sophisticated and more intrusive.

“To the extent that bad guys are looking for money, government agencies may not be the best bet,” he said. “They’re providing lifesaving medical services, and they are dealing with critically sensitive information, and that makes them a very likely target.”

The details provided about the attack so far could be consistent with a ransomware-style attack, said Joe Carrigan, a senior security engineer at the Johns Hopkins University Information Security Institute. In ransomware attacks, the “bad guys” breach the system, encrypt data and ask for a ransom for the key to decrypt the data.

“The fact that they’ve disconnected parts of their network, it would seem, from the Internet might be an effort ... to get the bad guys out of the system before they can issue the commands to encrypt the data,” Carrigan said.

Regardless, the department should make its best effort to inform the public about what has been breached, Carrigan said.

“When you have an incident like this, you need to have a good communication plan on how you’re going to tell people what’s going on,” he said. “One of the reasons that you do that is because the void of not telling people what’s going on and this vacuum of information will get filled by speculation.”

Amy Goodwin, spokeswoman for the Maryland Hospital Association, said the organization has no details about the potential cyber attack, and has not heard of any “issues or concerns” from member hospitals.

Health departments are connected to a breadth of services and state programs that often share data and health information, said Dr. Georges Benjamin, a former Maryland health secretary and executive director of the American Public Health Association.

Usually there are firewalls to separate public information from individual patient and client records. But the protections against potential hacks should be made stronger in today’s “interconnected world,” he said.

“Such attacks disrupt the work of government and undermine public trust,” he said in an email.

©2021 Baltimore Sun. Distributed by Tribune Content Agency, LLC.