Inside UVM Medical Center's ransomware attack: 11 details

Burlington, Vt.-based UVM Medical Center revealed the cybersecurity incident it suffered in October was a ransomware attack, but the health system didn't pay, according to a report in the Burlington Free Press.

During a Dec. 22 media call with reporters, health system executives described characteristics of the attack. Eleven details:

1. The attack first shut down the hospital's applications, said University of Vermont Medical Center Senior Vice President of Network IT Doug Gentile, MD. The team didn't think it was malware right away, but after about two hours they found a file with the attackers' contact information.

2. The health system shut down its IT network, including the Epic EHR, after identifying the file with contact information to prevent the spread of malware. Health system executives decided contacting the hackers and paying the ransom wouldn't save time or effort, according to a report in VT Digger.

3. UVM Medical Center did not contact the attackers, and there was no overt request for ransom.

"We assumed the reason to contact them was to hold us at ransom," said Dr. Gentile.

The health system has been working with the FBI and received permission to characterize the attack as ransomware.

4. The hackers placed malware on more than 5,000 hospital computers and laptops that encrypted files and data on 1,300 servers. UVM Medical Center had to wipe the computers, laptops and servers and then reinstall all data and software, according to the report.

5. The attack occurred on Oct. 28, and the health system has restored about 80 percent of UVM Medical Center's applications that power about 98 percent of functions. There is no evidence of lingering malware on its computer and server.

6. UVM Medical Center worked with IT security company Cisco Talos to recover from the attack and continues to keep the company on retainer. The FBI also assisted in the recovery, and the governor deployed a Vermont National Guard unit to assist as well.

7. There is no evidence that patient information was compromised during the attack, and the attack didn't spread far beyond UVM Medical Center to the system's other locations.

8. The health system furloughed or reassigned about 300 employees who were unable to perform their jobs when the computer and phone systems were down.

9. When the IT systems were taken offline, UVM Medical Center and affiliated locations canceled or postponed some services, including elective procedures and cancer treatments. In some instances, patients with test results could not be contacted.

10. The attack cost UVM Medical Center around $1.5 million per day in lost revenue and expenses to restore its computer systems. President and COO of UVM Medical Center Steve Leffler, MD, previously said the attack could cost about $64 million before systems are fully restored.

11. The hackers were able to compromise UVM Medical Center's security system despite preventive measures.

"This is an arms race," Dr. Gentile said. "We all have to continually update our tools and approaches to stay ahead of the bad guys."

More articles on cybersecurity:
Tennessee Medicaid plan's vendor mails PHI to wrong members, exposes 3,300 individuals' info
Officials shut down fake Moderna, Regeneron websites that allegedly stole users' info for cyberattacks
Georgia hospital reports 550 daily cyberattack attempts on its Epic MyChart system

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars