Date: Dec 2021

Location: United States of America

Summary

A cyberattack disrupted operations at the Maryland Department of Health, forcing the agency to take certain systems offline as a precautionary measure. The Maryland Security Operations Center initiated an investigation into the network security incident, though the full scope of the intrusion remained under assessment. Service interruptions persisted for multiple days, significantly impacting departmental functions during the outage period.


Description

A cyberattack targeting the Maryland Department of Health disrupted operations during the weekend of December 4-5, 2021, prompting officials to take systems offline. The Maryland Security Operations Center initiated an investigation into the network security incident, with department spokesman Andy Owen confirming the intrusion in a public statement. The health department implemented precautionary measures, including disconnecting certain systems from the network to contain potential threats. These actions occurred while investigators worked to assess the scope and severity of the breach. The disruption began over the weekend and extended through at least the morning of Monday, December 5, when reporting indicated systems remained offline. No specific details about the attack vector or compromised data were disclosed during this initial phase. The department's statement emphasized ongoing efforts to address security concerns while maintaining operational integrity.

The incident caused significant operational paralysis, described as freezing the health department's capabilities, though specific affected services weren't enumerated. Response actions focused on containment through system isolation and implementing additional unspecified security precautions. The prolonged downtime suggested substantial infrastructure impact, with recovery efforts continuing beyond the initial attack window. No ransomware claims or threat actor attribution appeared in available reporting. The Washington Post's coverage highlighted the seriousness of the disruption but noted limited public details about patient data exposure or clinical service interruptions. Maryland's centralized security team maintained investigative control while the health department operated in a reduced-capacity state during remediation.
