Share this article on:
In the early hours of Sunday, December 9, 2018, the University of Maryland Medical System discovered an unauthorized individual had succeeded in installing malware on its network. Prompt action was taken to isolate the infected computers to contain the attack.
According to a statement issued by UMMS senior VP and chief information officer, Jon P. Burns, most of the devices that were infected with the malware were desktop computers. The prompt action taken by IT staff allowed the infected computers to be quarantined quickly. No files were encrypted and there was no impact on medical services.
UMMS should be commended for its rapid response. The attack was detected at 4.30am and by 7am, its networks and devices had been taken offline and affected devices had been quarantined. The majority of its systems were back online and fully functional by Monday morning.
The incident highlights just how important it is for healthcare organizations to have an effective incident response plan that can be immediately implemented in the event of a malware attack.
UMMS runs medical facilities in more than 150 locations and uses more than 27,000 computers. If a breach response plan had not been in place, the malware attack could have been far more serious and could have had a major impact on patients.
“The measures we took to identify the initial threat, isolate it to prevent intrusion, and to counter and combat the attack before it could infiltrate and infect our network worked as designed,” explained Burns.
At this stage, UMMS does not believe that any medical records or other patient data have been compromised. The investigation into the attack is continuing to determine how the malware was introduced. UMMS has enlisted help from computer forensics experts in this regard and the security breach has been reported to law enforcement.