
MDH ‘Network Security Incident’ Investigated

ANNAPOLIS, Md. — The investigation into a “network security incident” that shut down the Maryland Department of Health website over the weekend remained ongoing Tuesday.

The website was live Tuesday afternoon, but included an alert that “the incident appears to have affected some of our partners, including local health departments,” and added that “at this time, nothing indicates that data has been compromised.”

The state immunization dashboard was back in service at 1 p.m. Tuesday, MDH spokesman Andy Owen told the Cumberland Times-News.

At this time, MDH was unable to update its COVID-19 dashboard, coronavirus.maryland.gov, which typically includes daily reports of new virus cases, deaths, and hospitalizations statewide.

Owen said MDH “will resume reporting COVID data as soon as possible.”

In addition to the state Department of Health, Maryland’s Departments of Information Technology and Emergency Management “work closely with federal and state law enforcement partners to address and gather information about the network security incident that was uncovered last weekend,” he said by email.

“The investigation is ongoing,” Owen said. “Our employees and partners have been notified and we will provide additional information as circumstances warrant.”

Owen did not confirm “cyberattack” as the description of the network security incident.

Cyber “Villains”

Richard Soderman is an assistant professor at Allegany College in Maryland where he teaches in the Department of Computer Technology.

“There are many possible causes for a network security incident,” he said via email on Tuesday. “One of the most common is encouraging employees to do something they shouldn’t be doing. This is often accomplished by a phishing email that tricks an employee into clicking on a malicious web link or downloading a malicious attachment. Either of these things can compromise an employee’s computer in such a way that a cybercriminal can gain remote access to that computer, and possibly other computers on a company’s network.”

A cybercriminal who gains access to a company’s network can commit a wide variety of harmful acts, Soderman said.

“A common harmful activity is ransomware,” he said. “This is where the cybercriminal encrypts files on company computers, rendering the information unreadable until it is decrypted, and only the cybercriminal knows the key to do so. Money is demanded for this key.”

How are such incidents detected?

“When an employee’s computer has been hacked, the employee may notice activity on their computer unrelated to what they are doing,” Soderman said. “In addition, IT administrators can detect unusual network activity. If large amounts of data are stolen, there will be a large amount of Internet traffic from inside the company to a computer elsewhere in the world.”

A ransomware attack will include an electronic note presented to someone in the company stating how much money they have to pay to have their data decrypted, a ransom payment date, and a method, which is usually in cryptocurrency, he said.

After a security incident, a network can be brought back online depending on its damage.

“If this was a ransomware attack, there are two basic choices: pay the criminals and hope they follow through by decrypting the data, or recover the data from backup disks,” Soderman said. “For the second solution to be effective, the company must make frequent backup copies of all critical data. Even if they did, the recovery process can be very laborious and time-consuming.”

Generally, paying a ransom encourages criminals to pursue cybercrime, he said.

“But in some cases, paying the ransom can get systems back online faster,” Soderman said. “There are a lot of considerations here.”

Jerry Hoover is a cybersecurity instructor at ACM.

Cybersecurity is needed “to protect information and networks from bad guys,” he said, and spoke of some criminals who try to disrupt network security “so they can brag.”

Other hackers seek to interfere with Health Insurance Portability and Accountability Act records, which are costly if lost.

To avoid a HIPAA registration fine, a medical system is likely to pay a cybercriminal to regain access to data, Hoover said.

“It can be very lucrative,” he said.

Governments are also trying to take information, including plans for building weapons, from each other, Hoover said.

“The whole world basically does that,” he said.

To help avoid cyberattacks, Hoover said people should create hard-to-guess passwords and not save them on their computers.

“Use a password manager,” he said.

Local Health Services

The Allegany County Health Department reported voicemail issues, but said COVID-19 testing and vaccination services were unaffected.

“Vaccination clinics will continue as planned,” ACHD said in a news release Monday. “Those wishing to register for the Moderna Booster Clinic on December 15 at the Allegany County Fairgrounds can do so by following this link: Information is also available by calling our COVID information line at 240-650-3999.”

The health department offers walk-in COVID-19 vaccinations from 9 a.m. to 1 p.m. Wednesdays at the fairgrounds.

Free drive-thru COVID-19 testing continues at the Agricultural Pavilion at the Allegany County Fairgrounds from 2 p.m. to 7 p.m. Monday and 8 a.m. to 2 p.m. Wednesday and Friday.

Services, including behavioral health, WIC, physical health clinics and programs, and environmental health services continued uninterrupted.

However, some ACHD services have been discontinued.

“With the network and voicemail down, the ACHD dental program does not have access to its appointment schedule. Patients are asked to call 301-759-5030 before coming in for their appointment, if possible,” the department said.

“At this time, the health department is unable to issue birth or death certificates. Until this capability is restored, some existing vital records can be obtained online through,” ACHD said.

The Garrett County Health Department said Tuesday morning that it continues to experience a computer network outage “in connection with a network security incident involving the Maryland Department of Health.”

Scheduled clinics were open and people were asked to keep their appointments unless they received further instructions.

Phone service does not appear to be affected; however, “voicemail may not function properly,” GCHD officials said.
