ANNAPOLIS — Investigation into a “network security incident” that shut down the Maryland Department of Health website over the weekend remained ongoing Tuesday.
The state’s health.maryland.gov website was online Tuesday afternoon, but included an alert that stated “the incident appears to have affected some of our partners, including local health departments,” and added that “at this time, there are no indications that any data has been compromised.”
The state’s vaccination dashboard, coronavirus.maryland.gov/#Vaccine, was back in operation at 1 p.m. Tuesday, MDH spokesman Andy Owen told the Cumberland Times-News.
At that time, MDH was unable to update its COVID-19 dashboard, coronavirus.maryland.gov, which typically includes daily reports of new virus cases, deaths and hospitalizations from across the state.
Owen said MDH “will resume COVID data reporting at the earliest opportunity.”
In addition to the state’s health department, Maryland’s information technology and emergency management departments “are working closely with federal and state law enforcement partners to address and gather information about the network security incident that was discovered this past weekend,” he said via email.
“The investigation is ongoing,” Owen said. “Our employees and partners have been informed, and we will provide additional information as circumstances warrant.”
Owen did not confirm “cyberattack” as a description of the network security incident.
Cyber 'bad guys'
Richard Soderman is an assistant professor at Allegany College of Maryland where he teaches in the computer technology department.
“There are many possible causes of a network security incident,” he said via email Tuesday. “One of the most frequent is tricking employees into doing something they should not do. This is often accomplished by a phishing email which entices an employee to click on a malicious web link or download a malicious attached file. Either of these things can cause an employee's computer to be compromised in such a way that a cybercriminal can remotely access that computer, and possibly other computers in an enterprise's network.”
A cybercriminal who has access to an enterprise's network can perform a wide variety of harmful acts, Soderman said.
“One frequent harmful activity is ransomware,” he said. “This is where the cybercriminal encrypts files on enterprise computers, making the information unreadable until they are decrypted, and only the cybercriminal knows the key to do this. Money is demanded for this key.”
How are such incidents detected?
“When an employee's computer has been breached, the employee may notice activity on their computer unrelated to what they are doing,” Soderman said. “Also, the IT administrators may detect unusual network activity. If large amounts of data are being stolen, there will be a large amount of Internet traffic from inside the enterprise to a computer someplace else in the world.”
A ransomware attack will include an electronic note presented to someone in the enterprise stating how much money they must pay to get their data decrypted, a date for the ransom to be paid and the payment method, which is usually cryptocurrency, he said.
After a security incident, a network can be brought back online, depending on the extent of its damage.
“If it was a ransomware attack, there are two basic choices: pay the criminals and hope they follow through by decrypting the data, or recovering the data from backup disks,” Soderman said. “For the second solution to be effective, the enterprise must have been making frequent backup copies of all critical data. Even if they have done this, the recovery process can be very labor-intensive and time-consuming.”
Generally, paying a ransom encourages criminals to continue cybercrime, he said.
“But in some cases, paying the ransom can get the systems back online more quickly,” Soderman said. “There are many considerations here.”
Jerry Hoover is a cybersecurity instructor at ACM.
Cybersecurity is needed “to protect information and networks from bad guys,” he said, and talked of some criminals who try to disrupt network security “so they can brag.”
Other hackers seek to interfere with Health Insurance Portability and Accountability Act records, which are costly if lost.
To avoid a HIPAA records fine, a medical system is likely to pay a cyber criminal to regain access to the data, Hoover said.
“It can be very lucrative,” he said.
Governments also try to take information, including plans to construct weapons, from each other, Hoover said.
“The whole world is basically doing that,” he said.
To help avoid cyberattacks, Hoover said folks should create passwords that are difficult to guess, and not save them on their computer.
“Use a password manager,” he said.
Local health departments
The Allegany County Health Department reported voicemail problems, but said COVID-19 testing and vaccination services were not affected.
“Vaccination clinics will continue as scheduled,” ACHD said via press release Monday. “Individuals wishing to register for the December 15 Moderna booster clinic at the Allegany County Fairgrounds can do so by following this link: https://bit.ly/modernaboosterappt. Information is also available by calling our COVID information line at 240-650-3999.”
The health department offers COVID-19 vaccinations on a walk-in basis from 9 a.m. to 1 p.m. Wednesdays at the fairgrounds.
Free drive-thru COVID-19 testing continues at the Allegany County Fairgrounds Ag Pavilion from 2 to 7 p.m. Mondays, and 8 a.m. to 2 p.m. Wednesdays and Fridays.
Services including behavioral health, WIC, physical health clinics and programs and environmental health services continued without interruption.
However, some ACHD services were interrupted.
“With the network and voicemail down, the ACHD dental program does not have access to their schedule of appointments. Patients are asked to call 301-759-5030 prior to coming in for their scheduled appointment, if possible,” the department said.
“At this time, the health department is unable to issue birth or death certificates. Until this capability is restored, certain existing vital records may be obtained online through vitalchek.com,” ACHD said.
The Garrett County Health Department Tuesday morning said it continued to experience a computer network outage “in connection with a network security incident involving the Maryland Department of Health.”
Scheduled clinics were open, and folks were advised to keep appointments unless they received other instructions.
Phone service appeared to be unaffected; however, “voicemail may not be working properly,” GCHD officials said.
