Gov. Lawrence J. Hogan Jr. (R) speaks to members of the press on Wednesday in the State House, alongside Keiffer Mitchell Jr., his chief legislative officer. The governor and top technology officials confirmed that the Dec. 4 attack against the Maryland Department of Health’s network was an act of ransomware. Photo by Bruce DePuyt.
Gov. Lawrence J. Hogan Jr. and top Maryland Department of Health officials acknowledged for the first time Wednesday that the perpetrators of the attack on the agency’s computer system sought a ransom payment from the state.
The state has not paid those responsible for the attack, Hogan (R) said.
“Unlike Texas and I think a couple of other dozen states, we haven’t lost hundreds of millions of dollars, and we haven’t compromised millions of peoples’ data,” he said. “But it’s a big issue. It’s a ransomware attack and they’re targeting health departments across the country.”
Prior to Wednesday’s announcement, officials would only refer to the Dec. 4 attack on the agency’s network as an “incident.” On Wednesday morning, Maryland Matters published a report on the broad impacts the outage continues to have on the state health department and the 24 local health departments who work closely with MDH.
“While the investigation is ongoing — and occurring on a parallel track to our restoration efforts — we can confirm this much today: this was, in fact, a ransomware attack,” said Maryland Chief Information Security Officer Chip Stewart in a statement. Stewart described the unidentified attackers’ demand as “an extortion payment.”
Ransomware attacks, which frequently originate overseas, prevent government agencies and businesses from accessing their own information and data systems until the entity under siege makes a payment.
Stewart said that the state has not made any such payment and, at his recommendation “after consulting with our vendors and state and federal law enforcement, will not be doing so.”
Law enforcement and cybersecurity authorities have observed that health and hospital systems are increasingly being targeted by malicious actors during the pandemic, Stewart said.
For nearly six weeks, the Department of Health and local health authorities have been struggling to recover from the ongoing repercussions of the attack. Hogan and state health and cybersecurity officials have been tight-lipped about the investigation.
Atif T. Chaudhry, the deputy secretary of operations for the Department of Health, said that the agency and the Department of Information Technology are working closely to resolve the remaining problems caused by the attack, and are coordinating with the federal government.
Stewart said Wednesday that “to this point” in the ongoing investigation, there has been no evidence that state data was compromised.
On Thursday, the House Health and Government Operations and Senate Education, Health and Environmental Affairs — along with the Joint Committee on Cybersecurity, Information Technology and Biotechnology — will hold a hearing online at 1 p.m. to learn more details about the attack. Some of the hearing could be held offline, to avoid the release of sensitive details.
Detailing what happened
According to Stewart, the Department of Health’s network team detected a malfunctioning server in the early hours of Dec. 4 and immediately began troubleshooting the problem.
After identifying issues they felt warranted deeper investigation, the problem was passed on to the agency’s IT Security Team which alerted the chief information security officer for the Department of Health, Stewart said.
He was notified shortly after and launched …….