How Does the Baltimore City Ransomware Attack Affect County Residents?
Baltimore County is Working to Minimize Impact
As our neighbors in Baltimore City work to address the ransomware attack on the City’s computer systems, we wanted to share some information about implications for Baltimore County.
Please note that Baltimore County has not experienced a ransomware attack on our systems. However, there are a few ways in which County residents may be impacted by the City’s attack. County officials are working to minimize those impacts.
Property Transfers
Baltimore County will not hold up any deed transfers for water bills. The Baltimore County’s Lien Certificate only lists the phone number for the City’s Water Department—the County’s normal process does not verify whether the water account is up to date. That function is completed by the Title Company.
The water bill issue will only affect the transfer of a property if at the settlement table the buyer does not want to proceed without information about the final water bill. This would be between the buyer and seller. The title company would have the ability to establish an escrow amount for the water charge until the actual amount can be determined.
Water Billing
While the City’s ability to deliver water to residents and businesses is not affected by the attack, the water billing system is down. The City’s Department of Public Works has created an email address, DPW.Billing.Baltimorecity@gmail.com, as a temporary point of contact for customers to send them communication.
Sewer Billing
The County Department of Public Works Metro District Billing Office uses City water information and systems to assist with customer service inquiries. Until City computer systems are fully restored, the process of responding to billing inquiries may be slowed.
Security of the County’s Systems
Baltimore County Government is committed to protecting citizen data and maintaining availability of citizen services. While no security controls can guarantee complete protection, Baltimore County has invested in technologies over many years to strengthen the confidentiality, integrity and availability of our systems to weather unforeseen events. We have implemented a more rigorous vulnerability assessment program to help us identify vulnerabilities and paired it with a more robust patch management program allowing a faster response once vulnerabilities are identified. We have tools in place to identify threats at the perimeter of our network, which we will continue to monitor and expand.
In addition, we have implemented tools to identify and remove threats from phishing emails prior to them entering our environment. Every County employee receives regular training on how to identify malware and other basic cybersecurity methods. As we became aware of new threats like those in our neighboring jurisdictions being targeted, we began to add warning notices to every email message received from outside of our network so employees could better identify phishing messages and potential malware.