What was previously deemed a cyber “incident” in Anne Arundel County’s government is now classified as a ransomware attack — and residents’ health data may be affected.
Between Jan. 28 and Feb. 22 — nearly a month — certain files housed under the Maryland county’s government and Department of Health were accessed and downloaded, per a press release from the county.
Names, addresses and medical diagnoses may have been obtained, but likely not financial information, according to the release. Anne Arundel officials are working with “technical consultants” to figure out what exact information was accessed and who was directly impacted.
The county did not immediately respond to questions about how many people were affected, what steps are being taken to investigate what happened and how the incident came to be.
Officials will be contacting people whose information may have been accessed in the “coming months.”
“The county takes this event and the security of the information in our care very seriously,” the release read. “As part of our ongoing commitment to information security, we are working with relevant stakeholders to update a range of privacy and security safeguards designed to enhance our existing protections.”
On Feb. 22, Anne Arundel closed government buildings due to the attack, though essential services remained intact. Operations went back to normal a few days later, and there have been no subsequent cyber attacks or incidents, according to the release.
County Executive Steuart Pittman acknowledged, while giving remarks about Anne Arundel’s upcoming budget, that its IT systems have been “falling behind” for several years but started to catch up.
For fiscal year 2026, Anne Arundel is planning to invest $4.3 million more in IT than in the previous year.
“It ain’t cheap,” Pittman noted in his remarks at the start of May, adding: “but backing away from the progress we’ve made would cost us far more.”
