For more than two weeks, COVID surveillance data wasn't released publicly, and many day-to-day operational services are still unavailable.
Many services at the Maryland Department of Health have been offline since an early December ransomware attack, state officials said.
COVID case reporting was interrupted, and basic Health Department functions have been unavailable for weeks. It's unclear when services will be restored, according to a report in the Baltimore Sun.
Other services that went offline included the ability to issue death certificates and renew licenses for health professionals. HIV patients were having trouble accessing medications, and patients at state psychiatric hospitals were unable to access their bank accounts, Maryland Matters reported.
Additionally, 17 of Maryland's smaller counties, which use laptops and email systems provided by the state health department, had to move to paper-based systems.
In a Jan. 12 media briefing, state Chief Information Security Officer Chip Stewart said the threat actors demanded payment, but the state refused to pay. He declined to specify the ransom amount.
Within hours of the Dec. 4 security incident that disrupted service, the Heath Department contained the attack by "isolating their sites on the network from one another, external parties, the Internet and other State networks," Stewart said in a statement.
After the attack, the Health Department worked with cyber response teams at the state's IT and Emergency Management Departments, the State Police, the governor’s Office of Homeland Security and the Maryland National Guard. Stewart said he also notified the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and contacted forensic investigators and activated the state's cybersecurity insurance plan.
While the Health Department was offline, employees used their personal devices and were instructed to stay off the department's Wi-Fi network, according to an internal memo shared with the Sun. A new wireless system, devices and platforms are being rolled out.
Meanwhile, Stewart asked for patience as services are methodically restored.
“We are recovering with deliberate action to minimize the likelihood of reinfection,” he said. “I cannot stress how important this point is — in order to protect the state’s network and the citizens of the state of Maryland, we are proceeding carefully, methodically and as expeditiously as possible, to restore data and services.”