A recent ransomware attack on Maryland’s paratransit system has disrupted critical transportation services for disabled residents, raising urgent cybersecurity concerns about the vulnerability of public infrastructure. The Maryland Transit Administration (MTA) confirmed a cybersecurity breach affecting its Mobility service—the state’s dedicated transport solution for individuals with disabilities—rendering it unable to accept new trip reservations or rebook existing ones.
Although core transit services, including Local Bus, Metro Subway, Light Rail, MARC train, and Commuter Bus operations, remain unaffected, the incident has put a spotlight on a troubling pattern: cyberattacks increasingly targeting essential services for vulnerable populations.
The Ransomware Strike Disrupted Key Scheduling Systems But Spared Core Transit
MTA disclosed that the ransomware attack led to unauthorized access to critical internal systems, particularly those responsible for real-time information and scheduling for the Mobility paratransit service. Despite the disruption, pre-scheduled trips are still being honored, allowing some continuity for riders who had bookings secured before the incident.
Multiple Agencies Now Coordinating the Emergency Response
In response to the ransomware incident, Maryland officials have activated the statewide emergency operations center . This team includes:
- The Maryland Department of Emergency Management
- The Maryland Transit Administration (MTA)
- The Maryland Department of Information Technology
Additionally, MTA is working with third-party cybersecurity experts and federal law enforcement agencies to investigate the nature and extent of the intrusion. As of publication, no ransomware group has come forward to claim responsibility .
Mobility Users Directed to Alternative Services With Limited Guarantees
To mitigate the impact during system downtime, MTA is advising eligible Mobility users to rely on the alternative Call-A-Ride program. However, this backup option lacks the vehicle customization and scheduling precision of the standard service. Riders have been cautioned that availability of accessible vehicles or specific pickup times may not be guaranteed.
For disabled residents relying on Mobility for critical medical appointments, employment transportation, and daily errands, this limitation introduces significant challenges. MTA has recommended reaching out to healthcare providers or emergency services for urgent needs during the disruption.
Cybersecurity Weaknesses in Municipal Disability Services Are Becoming a Trend
This attack on Maryland’s transit system is part of a larger pattern of cyber incidents that have hit municipal services serving disabled communities across the U.S. over the past two years. Similar to disruptions reported in Nevada, where government communications were recently impacted by a network security incident, this event underscores how inadequate cyber defenses in essential public services are being exploited.
Risk to Vulnerable Populations Heightens the Stakes
The affected services cater specifically to individuals relying on accessible transportation—a community demographic that can be disproportionately impacted by digital disruptions. As public agencies digitize scheduling and management systems, the attack surface increases for bad actors seeking to exploit system interdependencies.
Agencies responsible for disability services often operate on tight budgets and legacy systems , making them particularly susceptible to ransomware. In many cases, minimal staffing and inconsistent cybersecurity funding result in unpatched software or absent multi-factor authentication (MFA), both of which may create exploitable vulnerabilities.
Experts Urge Strengthened Cyber Protections Across Critical Transit Infrastructure
The incident showcases the need for improved cybersecurity resilience in transit ecosystems, particularly for paratransit systems. While no technical post-mortem has yet been released, industry experts—including those cited by SANS Institute—recommend a number of best practices to fortify systems:
- Multi-factor authentication (MFA) : To limit attacker access even with compromised credentials
- Timely system patching and updates : To close known vulnerabilities that ransomware groups exploit
- Intrusion detection and log monitoring : To quickly identify unauthorized access or anomaly patterns
- Employee cybersecurity training : To mitigate phishing, one of the most common entry points for ransomware
- Data segmentation and backups : To prevent the full compromise of operational systems and to support recovery
These controls are not only vital for restoring functionality after an incident but also for proactively reducing the attack surface before adversaries strike.
A Wake-Up Call for Public Sector Cyber Resilience
Although the core transportation grid in Maryland remains operational, the targeted breakdown of the Mobility paratransit service is a serious disruption for some of the state’s most vulnerable citizens. Until MTA systems are fully restored, riders must rely on less robust alternatives while agencies continue containment and forensic analysis efforts.
This incident serves as a timely reminder for states and municipalities across the U.S. to reassess the cybersecurity posture of disability services and adapt their defenses accordingly. As ransomware groups evolve their focus from general consumer data to mission-critical public services, resilience planning and vulnerability management must become a strategic priority.
