Updates: Maryland Department of Health Network Security Incident

January 18, 2022


A recent network security incident caused disruption to some of the Maryland Department of Health (MDH) operations. 

The purpose of this page is to keep Marylanders informed on the progress we are making in our response to the incident. In addition, follow @MDHealthDept on Twitter for real-time updates and information.


Incident response and timeline

MDH experienced a service disruption on Dec. 4 as a result of a network security incident.While the investigation is ongoing—and is occurring on a parallel track to our restoration efforts—MDH can confirm that the incident was the result of a ransomware attack.
 
On Dec. 4, MDH detected unauthorized activity involving multiple network infrastructure systems. Immediate countermeasures were implemented to contain the incident, and servers were taken offline to protect the network. ​

The state’s chief information security officer stood up an incident command structure with a focus on protecting the MDH network, conducting a forensic investigation, and restoring core services.

Because of the state’s aggressive cybersecurity strategy, and the use of MD THINK and other cloud-based services, many of the department’s core functions were not affected. There continues to be no evidence that any data were compromised. 

To prevent additional damage, we continue to be methodical and deliberate in restoring network systems while prioritizing health and human safety functions
 
We remain actively engaged with both state and federal law enforcement partners as part of an ongoing criminal investigation. 

View MDH Employee Network Security Incident FAQ

View Jan. 12 MDH and DoIT network security incident statements


 Frequently asked questions