Cyber Attack Breaches Patient Records In Anne Arundel County: See Impact

ANNE ARUNDEL COUNTY, MD — A cyber attack breached patient records at the Anne Arundel County Department of Health, officials confirmed Thursday.

"The incident originated externally from a threat actor and was a ransomware attack. Further investigation confirmed that there was unauthorized access to a limited subset of the county’s network between January 28, 2025 and February 22, 2025," the county said in a press release. "Certain files within the network were accessed or downloaded without authorization during that time."

The county said it "cannot confirm how many individuals may be affected." Officials promised to "directly notify any individuals identified as potentially impacted through the review process in the coming months."

"The information that may have been present in the impacted files during the event varies by individual and could possibly have included: full name, address, and medical diagnosis or condition," the county said. "There is no indication at this time that financial information was impacted."

Officials learned about the attack on Feb. 22. During the investigation, they moved some county services to manual processes and let some employees work from home for security. Essential county services continued, and all services have since been restored to their normal processes.

The county said it "immediately launched an investigation to confirm the full nature and scope of the activity with the assistance of industry-leading cybersecurity specialists, law enforcement partners, and relevant state agencies."

"As a precautionary measure, the county encourages individuals to remain vigilant against incidents of identity theft by reviewing account statements, credit reports, and explanations of benefits for unusual activity and to detect errors," the county said. "Any suspicious activity should be promptly reported to one’s health care provider, insurance company, or financial institution."

The county's information technology is now on track for an upgrade. The county plans to spend $4.3 million more than last year to make IT "more efficient and more secure."

"It ain't cheap," County Executive Steuart Pittman said when he unveiled this year's budget proposal. "But backing away from the progress we've made would cost us far more."

Thursday was the first time that the county shared concrete specifics about the attack. It had previously promised answers when investigators deemed it safe.

"The county takes this event and the security of the information in our care very seriously," the press release said. "As part of our ongoing commitment to information security, we are working with relevant stakeholders to update a range of privacy and security safeguards designed to enhance our existing protections."

Residents can learn more by visiting aacounty.org/cyber-incident or calling 877-274-8983.

Related:

• Cyber Incident Website Launched, Anne Arundel County Adapts Amid Security Threat
• 'Cyber Incident' Answers Promised After Issue Resolved In Anne Arundel
• County Offices Reopening After 'Cyber Incident' In Anne Arundel