December 7, 2021

We were recently made aware that the Maryland Security Operations Center is investigating a network security incident involving the Maryland Department of Health. The Maryland Department of Information Technology, Maryland Department of Health (MDH), and Maryland Department of Emergency Management are working closely with federal and state law enforcement partners to assess the incident and to gather additional information. Certain MDH systems have been taken offline out of an abundance of caution.  The investigation is ongoing and the MDH has taken the necessary steps to advise potentially affected employees and partners.  MDH will continue to provide additional information as it becomes available.

As a necessary precaution and to safeguard our network, the Baltimore City Health Department is not downloading any files from MDH servers until such time that we receive notification that all MDH systems are cleared. During the period of investigation, the MDH’s systems will be inaccessible.  Accordingly, that will have an effect on our ability to access State-housed data generally employed to execute updates to our systems. In this regard, the greatest impact is on our ability to collect and analyze state captured data; specifically, our ability to upload and access some COVID-related data to our dashboard has been halted. Data regarding CDC COVID community transmission and COVID-related hospitalizations is available and current, but all other data featured on our COVID-19 dashboard has not been updated since Friday, December 3, 2021. We are also experiencing non-COVID related data disruptions at this time; principally, unavailability of data for early notification of community-based epidemics, reportable disease investigation, and early detection of suspicious patterns of illness.

Our efforts towards contact tracing of cases identified before December 3rd have continued and our internal systems currently appear to be unharmed by the potential system breach. However, given MDH’s role as our primary source of disease specific data, as noted above some publicly reported data and analytics will be limited until such time that this suspected system threat is suppressed.