The University of Maryland Medical System has recently announced that it has been the victim of a malware attack on its network.
The University of Maryland Medical System is a private, not-for-profit corporation that operates 11 hospitals in Maryland. In the early hours of Sunday, December 9 2018, employees of the facility discovered that an unauthorised individual had managed to install malware on its network. It is assumed that the individual was attempting to gain access to the protected health information (PHI) of patients of the organisation.
As the University of Maryland Medical System's annual patient admissions stand at 83,000 individuals, the hacker could potentially gain access to a great deal of data. Due to its use in nefarious activities such as identity theft and fraud, medical information has a high black market value, thus making hospitals lucrative targets for hackers. Although larger organisations are more likely to have employed robust security frameworks, they also prove potentially more profitable targets should the hacker succeed.
Employees at the University of Maryland Medical System acted quickly to identify and isolate the computers that were infected by the malware in an attempt to contain the attack. They were successful in doing so.
A joint statement regarding the attack was issued by UMMS senior VP and chief information officer, Jon P. Burns. According to the officials, most of the devices that were infected with the malware were desktop computers. Thanks to the rapid response of the IT staff, the infected computers were quarantined quickly and the damage from the attack was mitigated. No files were encrypted, as would be the case in a typical ransomware attack. They announced that there was no impact on medical services offered by the organisation.
The attack was detected at 4.30am and, by 7am, the organisation's networks and devices had been taken offline and affected devices had been quarantined. The majority of its systems were back online and fully functional by Monday morning, with virtually no disruption for the patients.
This rapid response is a good example of how an organisation which properly prepares itself for the eventuality of an attack can prevent catastrophic damage and huge breaches of confidential information. By having an effective incident response plan, the integrity of the PHI was maintained.
UMMS runs medical facilities in more than 150 locations and uses more than 27,000 computers. If a breach response plan had not been in place, the malware attack could have been far more serious and could have had a major impact on patients.
“The measures we took to identify the initial threat, isolate it to prevent intrusion, and to counter and combat the attack before it could infiltrate and infect our network worked as designed,” explained Burns.
An investigation was launched to assess the scope of the breach. UMMS investigators assert that there is no evidence that any medical records or other patient data have been compromised. The investigation into the attack is continuing to determine how the malware was introduced. UMMS has enlisted help from computer forensics experts in this regard and the security breach has been reported to law enforcement.