Cyber Incident Victim: University of Maryland Medical System
Date: Dec 2018
Location: United States of America
Summary
The University of Maryland Medical System experienced a ransomware attack that temporarily disrupted operations by forcing its networks and devices offline. Approximately 250 desktop computers out of 27,000 total devices were impacted, but none were encrypted, so the organization did not pay a ransom. Affected systems were isolated and restored within hours, with no evidence that patient data or records were compromised. Containment measures included quarantining affected devices and restoring unaffected equipment by the following morning. Officials credited existing security protocols with detecting and neutralizing the threat before it could spread further across the network.
Description
On December 9, 2018, at approximately 4:30 AM, the University of Maryland Medical System (UMMS) experienced a ransomware attack targeting its network infrastructure. The incident prompted the organization to initiate emergency protocols, leading to the proactive shutdown of affected networks and connected devices by 7:00 AM that same morning. Initial assessments revealed that approximately 250 devices—primarily desktop computers—were compromised out of the system’s total inventory of 27,000 networked devices. The attack did not follow conventional ransomware patterns, as the malicious software failed to encrypt the targeted systems despite exhibiting ransomware-like characteristics. This deviation prevented the attackers from demanding payment, as no encryption lockout occurred. UMMS maintained clinical operations throughout the event by isolating infected endpoints and restoring unaffected equipment to service by the morning of December 10.

UMMS cybersecurity teams detected the intrusion early and implemented pre-established containment measures, including quarantining all 250 compromised devices to prevent lateral movement across the network. Senior Vice President and Chief Information Officer Jon P. Burns confirmed the effectiveness of these protocols, stating the defensive actions successfully neutralized the threat before it could propagate or encrypt critical systems. Forensic investigations found no evidence of unauthorized access to patient records or other sensitive data repositories during the incident. The hospital system attributed its rapid recovery to existing incident response plans, which prioritized network segmentation and immediate isolation of anomalous activity. No ransom payment was initiated or demanded due to the attack’s failure to achieve encryption objectives, and all isolated devices underwent remediation before returning to operational status.
