Just before Thanksgiving this year, as students were entrenched in virtual learning, a major ransomware attack took down Baltimore County Public School’s (BCPS) computer systems. As a result, schools closed for several days, many devices were unusable, and like any other major IT security incident, significant costs were incurred to remediate the damage. BCPS will most likely undergo an assessment to determine exactly how the incident happened and they will have to invest significantly to harden their systems and change how they operate.
Shortly after the BCPS attack, a few miles up the road, Greater Baltimore Medical Center (GBMC) experienced its own ransomware attack, which took down many of their systems. Fortunately, patient care was still mostly maintained, aside from some postponed elective care. It appears that data and operations will be back to normal in fairly short order, but there will still be costs associated with this, and certainly nobody at GBMC wants to be associated with a ransomware incident.
As we continue to see attacks on this scale and frequency it’s important to not just shake our heads at another incident and wonder what needs to change in order to stop seeing these headlines. Instead, let’s uncover what we can learn from these incidents to minimize our own risks, both personally and in our businesses.