Post-Cyberattack, UVM Health Network Still Picking Up Pieces

UVM Health Network attack

More than a month after the cyberattack first hit, the UVM health network is still grappling with delayed payment processing and other issues.

More than a month after a cyberattack hit the University of Vermont (UVM) health network, the organization is still working to recover its systems.

The UVM health network is a six-hospital, home-health and hospice system, which encompasses more than 1,000 physicians, 2,000 nurses and other clinicians in Vermont and northern New York. When the cyberattack first hit, the week of Oct. 25, it led to widespread delays in patient appointments – including chemotherapy appointments, as well as mammograms and biopsies.

Weeks later, the network is still struggling to restore systems – only last week announcing it has restored access to the MyChart online patient portal for its existing users (MyChart was unavailable to patients following the cyberattack), as well as the Epic electronic medical record system.

“The time it took UVM to restore some of their system is indicative for the impact the recent cyberattack had – and, not all systems have been restored yet,” Dirk Schrader, global vice president at New Net Technologies (NNT) told Threatpost in an email. “This attack must have been devastating. It would be an interesting case to learn from if UVM would stand up and share all details, attack vectors, timelines of this attack once fully recovered. There is a lot that other organizations can learn from this incident.”

Reports alleged that the attack came through the hospital’s main computer server, and impacted its entire system. Threatpost has repeatedly reached out to FBI spokesperson Sarah Ruane about the attack – including what type of data was accessed, how the attack initially occurred, whether malware or ransomware was utilized and more. This article will be updated accordingly when the spokesperson responds.

Roadblocks to recovery remain: While MyChart is up and running again, sign-ups and activations are temporarily unavailable, and billing statements and payment processing will be delayed at UVM Medical Center and Porter Medical Center, according to UVM health network.

At the start of the attack, the scheduling of patient appointments was impacted, according to local reports, affecting important patient screenings and appointments. Hospital staff were also impacted, according to reports, with the cyberattack leaving some staff members unable to do their normal jobs. Up to 300 employees of the UVM Medical Center hospital have been either re-assigned or furloughed, according to president and COO Stephen Leffler, MD, speaking during a press conference earlier in November.

Since then, “the University of Vermont health network continues to make steady progress toward recovering systems from the cyberattack,” according to a statement by UVM health network. We are very grateful to our staff for their extraordinary work throughout the challenge. We thank our patients and communities for their ongoing support and patience and apologize for any concern and distress this event is causing.”

Hospitals and the healthcare industry have faced a flurry of cyberattacks over the past few months. In September, a ransomware attack shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. And more recently, in October, several hospitals were targeted by ransomware attacks, including Klamath Falls, Ore.-based Sky Lakes Medical Center and New York-based St. Lawrence Health System.

“The UVM incident continues to highlight how paralyzing any cyberattack can be – especially for organizations that possess valuable, private data that can be held for ransom,” Hank Schless, senior manager for security solutions at Lookout, told Threatpost. “As some businesses use a hybrid model of on-prem and cloud servers, they need to deploy modern security solutions that protect assets connecting to cloud services, including smartphones and tablets.”

Put Ransomware on the Run: Save your spot for “What’s Next for Ransomware,” a FREE Threatpost webinar on Dec. 16 at 2 p.m. ET. Find out what’s coming in the ransomware world and how to fight back. 

Get the latest from world-class security experts on new kinds of attacks, the most dangerous ransomware threat actors, their evolving TTPs and what your organization needs to do to get ahead of the next, inevitable ransomware attack. Register here for the Wed., Dec. 16 for this LIVE webinar.

Suggested articles