Watch CBS News

Maryland Department Of Health Confirms Ransomware Attack Caused Disruption In COVID-19 Data Last Month

BALTIMORE (WJZ) -- A disruption last month in the Maryland Department of Health's reporting of COVID-19 data was in fact a ransomware attack, the state's Chief Information Security Officer Chip Stewart said Wednesday.

Such cyberattacks lock administrators out of their data and systems and demand payment to restore operations. Baltimore City, Greater Baltimore Medical Center and Baltimore County Public Schools are just some of the local public entities that have faced similar attacks in recent years.

In early December, the state health department was unable to report COVID-19 data following a cyberattack. The agency attributed the lack of updates to a "server outage."

The cyberattack also took away resources the agency's website normally has available, including pages inviting Marylanders to apply for Medicaid, get data on local nursing home safety, and order free at-home testing for sexually transmitted infections.

By Dec. 10, state health officials were able to report some COVID-19 data, such as hospitalizations, but all the topline metrics were not fully restored until Dec. 20, following a two-week hiatus.

"At this time, we cannot speak to the motive or motives of the threat actor," Stewart said Wednesday. "That said, both law enforcement and cybersecurity authorities have observed that health and hospital systems are increasingly being targeted by malicious actors during the pandemic."

The state government did not pay the ransom demand, Stewart said.

Once the attack was detected on Dec. 4, Maryland Department of Health staffers were able to isolate their systems within a few hours, Stewart said.

After the issue was flagged as a suspected ransomware attack, the Maryland Department of Information Technology, Maryland Department of Emergency Management, Maryland State Police, governor's office and Maryland National Guard were notified. Both the FBI and Department of Homeland Security were also alerted of the attack, Stewart said.

"It is in part because of this swift response that we have not identified, to this point in our ongoing investigation, evidence of the unauthorized access to or acquisition of State data," Stewart said.

Maryland Department of Health Deputy Secretary Atif Chaudry said the agency implemented Continuity of Operations Plans so the department could carry out "essential functions," such as life-safety services.

In a Jan. 11 update, the state health department said it had restored 95% of state-level data following the "network security incident."

Stewart said state officials have intentionally left some systems offline.

"All too common are stories of organizations that had to restart recovery efforts because of this, sometimes more than twice," he said. "We are recovering with deliberate action to minimize the likelihood of reinfection."

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.