On December 9, 2018, the University of Maryland Medical System (UMMS) detected an unauthorized individual on its network. The individual had succeeded in installing malware on its system. Prompt action was taken to isolate the infected computers and contain the attack.
In a statement, UMMS senior VP and chief information officer Jon P. Burns said that “most of the devices that were infected with the malware were desktop computers. The prompt action taken by IT staff allowed the infected computers to be quarantined quickly. No files were encrypted and there was no impact on medical services.”
The swift response from UMMS significantly reduced the damage suffered. The attack was detected at 4:30 a.m., and by 7 a.m. its networks and devices had been shut down and taken offline and the devices already affected had been contained. By Monday morning it was back to business as usual for UMMS, with the majority of its systems back online and fully functional.
The incident shows that it is vital for healthcare organisations to have an effective incident response plan that can be implemented immediately in the event of a malware attack.
UMMS uses in excess of 27,000 computers that are required to run medical facilities in more than 150 locations. Were it not for the speed of its response to the breach, the malware attack could have been much more serious and could have had a major impact on its patients.
“The measures we took to identify the initial threat, isolate it to prevent intrusion, and to counter and combat the attack before it could infiltrate and infect our network worked as designed,” noted Burns.
UMMS does not believe that any medical records or other patient data have been compromised. The investigation into the attack is continuing in order to determine how the malware was introduced into its network. UMMS has enlisted computer forensics experts to help with this, and the security breach has been reported to law enforcement.