​​MDH I​nformation Security (InfoSec)

The Information Security (InfoSec) program helps protect against potential information technology (IT) threats and vulnerabilities. The program reports directly to the Secretary of MDH with a primary focus of protecting MDH's ability to continually provide secured mission-critical operations. Through personnel, policies, procedures, and standards, InfoSec helps ensure the availability of organizational information, confidentiality, integrity, and compliance with HIPAA, CMS, DoIT Security Manual, and Federal and State mandates.

The InfoSec Program is a risk-based program that gathers metrics to arrange phased continuous improvement processes for information security across the MDH organization. InfoSec employs three main strategies to protect the confidentiality, integrity, & availability (CIA) of MDH data:

  • Governance, Strategy, and Guidance
  • Testing and Assessment
  • Monitoring and Detection
​If need to report a security event or incident, have questions about the MDH Information Security Program or would like information, please email mdh.cybersecurity@maryland.gov with your comments, questions, or concerns. ​​

 InfoSec Strategies

Contact us:​

Maryland Department of Health
Office of Internal Controls, Audit Compliance & Information Security​ (IAC/S)
Chief Information Security Officer (CISO)
201 W. Pre​​ston Street
Baltimore, MD 21201
410-767-5314 office 
410-333-7194 fax