Cyberattack Hits Maryland Department of Health; Government Agencies Increasingly Targets of Hackers

UPDATE (8:32 P.M. 12/6): The Maryland Department of Health said its website is now operational.

BALTIMORE (WJZ) -- The Covid-19 infection metrics on the Maryland Department of Health website have not been updated in days with a warning that "MDH is experiencing a server outage. Data will be updated as soon as possible."

It is part of a cyberattack. Some pages have been redirected to the main state government web page while servers are offline.

Update on the cyber attack at the Maryland Department of Health •Servers will remain offline out of an abundance of caution
•Data updates will resume as soon as possible⁰•No evidence at this time that any data compromised @wjz
— Mike Hellgren (@HellgrenWJZ) December 6, 2021

One health care executive tweeted that people are having trouble getting key Medicaid information because of the hack.

Someone from @MDHealthDept, please fix your website. Most pages are not working, including the page that lets people enroll in Medicaid.https://t.co/NEZMskFtwy
— Ankit Gupta (@gankit) December 5, 2021

This has the hallmarks of a ransomware scheme. Cybersecurity consultant Terry Bazemore Junior, the Chief Operating Officer of Ey3 Technologies, said the state made the right move shutting down parts of their website to stop the damage. "It's an excellent first step is to pull things down that may still be vulnerable—potential vulnerabilities that may lead to further attacks and deeper attacks to where they can stay on your network and do things further," Bazemore told WJZ Investigator Mike Hellgren. "Typically, attackers want to attack places that are going to have critical data and data where they know they need to make split-second decisions—whether it could be life or death—somewhere like a health department or a hospital."

The Maryland Department of Health says there is no evidence data has been compromised, and they have yet to confirm whether any hacker has hijacked their computers demanding money, which is what happened to Baltimore City two years ago. Criminals demanded $100,000 in bitcoin.

The city ended up spending $6 million to get back online and almost $1 million for insurance against future attacks. "The big question that companies or agencies are going to have to assess is to pay or not to pay," Bazemore said.

Government is a frequent target. Last year, Baltimore County schools had to shut down online learning after a cyber attack. "It is sobering to see how many school systems and local governments have been hit by this. And that's not even including local businesses and mom-and-pops and things like that that have been hit," he said.

The Department of Health told WJZ in a statement they are "working closely with federal and state law enforcement partners to address the incident and to gather additional information. Certain systems have been taken offline out of an abundance of caution and other precautions have and will be taken."

"The investigation is ongoing, potentially affected employees and partners have been informed, and we will provide additional information as circumstances warrant," the agency wrote.

Healthcare is often a target of hackers. A CBS News investigation found more than one thousand hospitals were attacked last year alone—with some hackers even shutting down equipment—and blamed for patient deaths.

In 2020, hackers hit Greater Baltimore Medical Center affecting some of their information technology systems.

Featured Local Savings

More from CBS News

Maryland residents react to federal lawmakers' efforts to ban TikTok

Four commercial channels at Port of Baltimore to be open by end of the week, Governor Moore says

Rise in cost of goods expected after Key Bridge collapse impacts Port of Baltimore

Dr. Carey M. Wright appointed as next Maryland State Superintendent of Schools