ANNE ARUNDEL COUNTY, Md. — County offices that were closed on Monday, like the Housing Resource Center and the Anne Arundel County Department of Health in Glen Burnie, will re-open on Tuesday following an ongoing "cyber incident" that led to a precautionary shutdown.
Residents are still encouraged to call ahead as there are still limited services.
Officials say they discovered the incident from an "external origin" early on Saturday but have remained tight-lipped about the details of the investigation.
Nick Mistry, the chief information security officer at Lineaje, says he believes based on the steps taken so far the county could be experiencing a ransomware attack.
"I see this trend increasing in these types of breaches and attacks are becoming more and more commonplace," Mistry said. "As we adopt more software and digitize many of our processes ... those are just going to increase because the opportunity is there."
"It's something that we've become used to now. Everyone around the country is susceptible," executive director of the University of Maryland Center for Health and Homeland Security Markus Rauschecker said.
Rauschecker says historically, governments have been targeted due to less sophisticated cybersecurity systems.
In 2019, a ransomware attack hit the city of Baltimore, ultimately costing taxpayers $18 million.
"Many local governments have gotten much stronger in their cybersecurity posture and I think that's certainly the case in Maryland, fortunately," Rauschecker added.
County Executive Steuart Pittman posted on X stating that they're taking "the most proactive approach" and that IT, public safety officials, and cybersecurity specialists "have been working around the clock" since Saturday to restore services.
Our Office of Information Technology, public safety officials, and cybersecurity specialists have been working around the clock since this incident began on Saturday morning, and remain focused on getting critical services back online safely and as quickly as possible.
— County Executive Steuart Pittman (@AACoExec) February 24, 2025
The state has prioritized preparing local jurisdictions to address any potential cybersecurity issues.
"The state works very closely with local governments including Anne Arundel County to make sure that not only is the technology in place to better protect systems but that there are whole of government, whole of jurisdiction plans in place," Raushecker said.
Though he says to understand the entire scope of the impact, we'll just have to wait and see.
It has become increasingly challenging to maintain secure systems as hackers continue to attack them in sophisticated ways, such as software supply chain attacks.
"One of the biggest challenges is actually not knowing what's in the software today," Mistry said. "Even though you have robust security measures in place what's happening is the bad guys are basically infiltrating software at the root."
Anne Arundel likely experiencing a ransomware attack
Mistry recommends companies use "cybersecurity hygiene" which includes data encryption, network controls, and managing who has access to sensitive information.
Employees are the first line of defense.
ASIC security training and 2-factor authorization protocols are also a step towards ensuring a small mistake doesn't have big consequences.
"The humans are the weakest link typically within all of the cybersecurity challenges we face," Mistry said. "Training is critical."
