Heath Renfrow, CISO of Conversant Group, told ZDNet that it was “bold” of officials to say the systems were taken offline as soon as the intruder was detected because typically, hackers spend significant time in a victim’s system.
“If the MD Health Department had truly been alerted to the intrusion when it occurred, then their systems should not have been encrypted. I would guess that they were taken offline after the successful encryption of most of their systems, and that the encryption stage had already completed what it needed to complete,” Renfrow said.
“I would be curious if outside breach counsel has been engaged for this incident, and what the ultimate results of the Data Forensics Incident Response will show (how the threat actors gained access, what sensitive data could they have touched, and if data was exfiltrated). Health and Human Services Office of Civil Rights will most likely have to be notified of potential Health Insurance Portability and Accountability Act (HIPAA) violations, and possibly notifications sent to the victims of the potential exposure of their personal health information.”