Breaking News

Ransomware attack confirmed to have disrupted MDH’s website

DIFFICULT. DAVID COLLINS HAS THE LATEST. >> STATE HEALTH APAMERTNT OFFICIAL SAY THEY ARE WORKING AROUND THE CLOCK ON THE PROBLEM. BUT WHEN WE ASKED FOR THE NUMBERS MANUALLY OR THROUGH A PRSES RELEASE, WE GET NO RESPONSE. THE LKAC OF PUBLIC INFORMATION HAS NOW CAUGHTHE T ATTENTION OF STATE LAWMAKERS. INFORMATION ON KEY COVID DATA POINTS IS A HUGE CASUALTY TO THE DECEMBER 3 CYBERATTACK ON THE STATE DEPARTMENT. IT HAS BEEN A WEEK SINCE GOVERNOR HOGAN PROVIDED LIMITED DETAILS ON THE PROBLEM. >> IT SLOW WNDO SOME OF THE POSTING OF THINGS ON WEBSITES. WE ARE ALL ABOUT TRANSPARENCY AND UPDATING THINGS. NONE OF THE DATA HAS BEEN COMPROMISED. KUENG’S THEY ARE STILL NOT REPORTING THE NUMBER OF CASES, TESTING, POSITIVITY RATE OR DE ATHS. WHEN WE ASK FOR THE MANUAL DATA OR THE NUMBERS IN A PRESS RELEASE, WE GOT NO RESPONSE. PAUL PINSKY SAYS THE LACK OF TRANSPARENCY IS TROUBLING. HE PLANS TO CALL THE GOVERNOR AND HEALTH DEPARTMENT OFFICIALS TO TESTIFY BEFORE THIS COMMITTEE. >> WE UNDERSTAND TREHE IS A COPPER MINES IN THEIR SOFTWARE AND POSSIBLY HARDWARE. BUT THAT DOES NOT MEAN THE PUBLIC SHOULD BE — SHOULD HAVE THEIR HEAD IN THE GROUND. >> AS SHOWN ON THE TAYOD SHOW, THE LACK OF INFORMATION MAKES MARYLAND LOOK LIKE IT IS DOING BETTER THAN THE REST OF THE COUNTRY. >> ABOUT 40 STATES LOOKING AT DOUBLE-DIGIT INCREASES IN COVID INFECTIONS. >>UT B CYBER SECURITY OFFICIALS YSA THAT A BREAKDOWN IS COMING. LOCAL GOVERNMENTS COUNT ON THE DATA TO MAKE CRITICAL DECISIONS. >> OUR VISION IS A LITTLE FUZZY. WE DON’T KNOW THE CASE RE.AT >> STATE HEALTH OFFICIALS SAY INVESTIGATIVE AND RESTORATNIO WORK CONTINUES AROUND THE CLOCK AND COVID SURVEILLANCE DATA HAS BEEN PARTIALLY RESTORED. >> ARE THE NUMBERS DOUBLING DO WE HAVE TO HAVE MORE HOSPITALIZATION OPTIONS? I KNOW THE GOVERNOR PUT OUT A PRESS RELEASE ABOUT AN EMERGENCY PLAN BUT WHAT ARE THE NUMBERS ? WHAT ARE THE STATISTICS AND WHY AREN’T WE BEING TD.OL THAT’S WHAT’S CONCERNING. >> HEALTH DEPARTMENT OFFICIALS SAY STATE HOUSE LEADERS AND MEMBERS OF THE BOARD OF PUBLIC WORKS HAVE BEEN BRIEFED ON THE CYBER ATTACK. A SOURCE FAMILIAR WITH THE BREATHING SAYS THE INFORMATION IS SPOTTY AT B

State confirms ransomware attack disrupted MDH’s website, ransom was sought

No evidence found of unauthorized access to, or taking of, state data

State officials provided an update Wednesday on the “network security incident” affecting the Maryland Department of Health’s website in December, confirming it was a ransomware attack.|| COVID-19 updates | Maryland’s latest numbers | Get tested | Vaccine Info ||Ransomware is a type of malware that prevents authorized users from accessing data and systems until an extortion payment is made.Video above: MDH: No evidence of any data compromised after cyberattack (Dec. 15, 2021)The state’s chief information security officer, Chip Stewart, said in a statement released Wednesday morning that the investigation continues and that the state did not pay any extortion demands and will not pay any such demand.| I-TEAM: Next steps in the fight against ransomware attacksStewart said the state could not address any possible motive. He said MDH was able to isolate and contain its systems within hours of first detecting the incident. As a result, the state has not, to this point, identified any evidence of unauthorized access or taking of state data.Stewart said that in the early morning hours of Dec. 4, MDH’s network team identified a server that wasn’t working properly and investigated the cause. The state activated its cybersecurity incident response plan, notified federal officials and brought in external forensic and other resources through the state’s cybersecurity insurance policy.Stewart said MDH took immediate containment action by isolating its sites on the network from one another, external parties, the internet and other state networks.| RELATED: MDH website back to operational after ‘network security incident’Because of this, MDH’s website — including the COVID-19 data dashboard — was shut down for more than a week and MDH did not publicly report COVID-19 testing numbers, volume, the positivity rate or deaths. Additionally, death certificates are not available to be distributed.Some services currently remain unavailable, Stewart said.”This was our decision and a deliberate one, and it was the cautious and responsible thing to do for threat isolation and mitigation,” Stewart said in the statement. “In order to protect the state’s network and the citizens of the state of Maryland, we are proceeding carefully, methodically and as expeditiously as possible to restore data and services.”Some of the COVID-19 data reporting continued on MDH’s dashboard by Dec. 20, and more data restoration came in the following days.MDH also initiated its continuity of operations plans in the hours immediately after the first incident was first detected on Dec. 4, MDH Deputy Secretary Atif Chaudhry said in the statement.Chaudhry said MDH migrated to Google Workspaces per a previous decision made by the state, which permitted access to online tools that allows MDH to continue to collaborate, save and share critical files.MDH also ordered additional equipment to implement the department’s continuity plans and modified business processes, including ordering 2,400 laptops, with an additional 3,000 being ordered this week. Additionally, MDH also ordered MiFi devices, printers and wireless access points to ensure employees have the equipment to do their jobs, Chaudhry said.| PDF: Read the statement in its entirety

State officials provided an update Wednesday on the “network security incident” affecting the Maryland Department of Health’s website in December, confirming it was a ransomware attack.

|| COVID-19 updates | Maryland’s latest numbers | Get tested | Vaccine Info ||

Ransomware is a type of malware that prevents authorized users from accessing data and systems until an extortion payment is made.

Video above: MDH: No evidence of any data compromised after cyberattack (Dec. 15, 2021)

The state’s chief information security officer, Chip Stewart, said in a statement released Wednesday morning that the investigation continues and that the state did not pay any extortion demands and will not pay any such demand.

| I-TEAM: Next steps in the fight against ransomware attacks

Stewart said the state could not address any possible motive. He said MDH was able to isolate and contain its systems within hours of first detecting the incident. As a result, the state has not, to this point, identified any evidence of unauthorized access or taking of state data.

Stewart said that in the early morning hours of Dec. 4, MDH’s network team identified a server that wasn’t working properly and investigated the cause. The state activated its cybersecurity incident response plan, notified federal officials and brought in external forensic and other resources through the state’s cybersecurity insurance policy.

Stewart said MDH took immediate containment action by isolating its sites on the network from one another, external parties, the internet and other state networks.

| RELATED: MDH website back to operational after ‘network security incident’

Because of this, MDH’s website — including the COVID-19 data dashboard — was shut down for more than a week and MDH did not publicly report COVID-19 testing numbers, volume, the positivity rate or deaths. Additionally, death certificates are not available to be distributed.

Some services currently remain unavailable, Stewart said.

“This was our decision and a deliberate one, and it was the cautious and responsible thing to do for threat isolation and mitigation,” Stewart said in the statement. “In order to protect the state’s network and the citizens of the state of Maryland, we are proceeding carefully, methodically and as expeditiously as possible to restore data and services.”

Some of the COVID-19 data reporting continued on MDH’s dashboard by Dec. 20, and more data restoration came in the following days.

MDH also initiated its continuity of operations plans in the hours immediately after the first incident was first detected on Dec. 4, MDH Deputy Secretary Atif Chaudhry said in the statement.

Chaudhry said MDH migrated to Google Workspaces per a previous decision made by the state, which permitted access to online tools that allows MDH to continue to collaborate, save and share critical files.

MDH also ordered additional equipment to implement the department’s continuity plans and modified business processes, including ordering 2,400 laptops, with an additional 3,000 being ordered this week. Additionally, MDH also ordered MiFi devices, printers and wireless access points to ensure employees have the equipment to do their jobs, Chaudhry said.

| PDF: Read the statement in its entirety

https://www.wbaltv.com/article/ransomware-attack-confirmed-maryland-department-of-health-website/38747147