Maryland Chief Information Security Officer (CISO) Chip Stewart has released a report confirming the disruption to Maryland Department of Health (MDH) services due to a ransomware attack.
A security breach was discovered on the morning of December 4, 2021, and quick action was done to isolate the affected server and control the cyberattack. Stewart stated the Department of Information Technology was able to separate and contain the affected systems in just a couple of hours, restricting the severity of the ransomware attack. Due to this quick response, evidence of the unauthorized access to or acquisition of State data has not been identified yet to this stage in the ongoing investigation as stated by Stewart in a January 12, 2022 statement.
As per Stewart, there was a distributed-denial-of-service (DDoS) attack attempt immediately after the ransomware attack; nevertheless, that attack did not succeed. Proof collected in the course of investigating the ransomware and DDoS attacks shows they were performed by different threat actors.
Stewart stated he sent the incident report to the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), initialized the state’s cybersecurity insurance policy through the State Treasurer’s Office, and called in third-party forensic experts to help in the investigation and response and recovery work.
The response to the ransomware attack required for systems to be taken off the web, sites on the network was isolated from each other, and external access to resources over the web and by third parties was discontinued. The containment strategy restricted the ability of state workers to utilize computers and access shared sources and about a month after the ransomware attack a few services continue to get an interruption. Although the response and recovery tactic has resulted in continuing disruption, Stewart mentioned this solution was required to safeguard the state’s system and the residents of the state of Maryland and was crucial to avoid reinfection.
Atif Chaudhry, MDH Deputy Secretary for Operations, mentioned a serious emphasis after the attack was to make sure of business and service continuity, which concerned employing the FEMA Incident Command System (ICS). In this ICS system, a Unified Command Structure is formed to deal with the incident. This allows MDH and DoIT to work together to handle and address all incident-related issues. DoIT gives the technical support and is leading the network safety and IT system recovery initiatives.
MDH experienced a scarcity of equipment following the attack, which meant personnel had to share computers at the workplace. To handle the situation, Chaudhry reported MDH purchased 2,400 laptop computers and another 3,000 will be bought this week. More IT equipment like wireless access points and printers were also purchased to make certain workers have the equipment needed to perform their work. Additionally, substitute processes were carried out to make certain staff can offer the most important demands of the public, which include moving to Google Workspaces. Google Workspaces has offered workers a selection of online tools that are not affected by the ransomware attack making sure that personnel can team up and save and share important information.
The attack has brought about interruption to the state’s pandemic response. On January 12, 2022, MDH reported it had recovered about 95% of state-level surveillance information and it is working to reestablish all the COVID-19 datasets. Reports are going to be updated as soon as possible.