Several daily COVID-19 metrics remain missing on the Maryland Department of Health (MDH)’s website as of Tuesday, after a cyber attack forced it to shut down more than a week ago.
Andy Owen, a spokesperson for the department, told WYPR that they are trying to get data back up as soon as possible, but did not give a specific date.
He wrote in an email that they’re focusing on “gaining full visibility into the affected network infrastructure.”
Last week, Owen wrote in an email that “there is no evidence at this time that any data have been compromised.”
Joseph Carrigan, a senior security engineer at the Johns Hopkins Information Security Institute, said that’s reassuring. He said this means the department would not suffer high recovery costs.
“It looks like they caught this at the right time before things started getting damaging and out of control,” Carrigan said.
The department shut down the website on the weekend before Dec. 6, which he said was the right move.
But Carrigan said MDH needs to be more transparent with the public.
“They have not really done a good job of communicating what the situation is,” he said. “The biggest risk for that victim organization is that they don't control the message.”
Carrigan said that failure to communicate leaves room for speculation on worst case scenarios, which can erode public trust.
“I am sure that right now, inside of that organization, there's an all hands on deck mentality,” he said. “But any organization…when there is a breach, when there's some kind of cybersecurity incident, they should be planning for the communication process.”
Carrigan said these attacks are becoming more and more common, and more technically sophisticated. Last year, Baltimore County Public Schools suffered a ransomware attack that has cost millions of dollars.
The latest COVID-19 positivity rate, 5.43%, is dated Dec. 3. But hospitalization cases, which are up to date, suggest a continued spike in cases. More than 1,000 Marylanders have been hospitalized for the fifth day in a row.