During the week of October 25, 2020, the UVM Health Network experienced a confirmed cyberattack affecting some systems. Despite standby procedures in place to continue providing safe care, the attack caused variable impacts on services at affiliate organizations. 

According to the organization, they have made significant progress overnight to restore behind-the-scenes components that will aid in the restoration of additional patient-facing systems.

"Our IT team has now accessed patient schedules for all Network hospitals through next weekend. This will improve our efficiency and the overall experience for patients as we continue to restore systems from last week's cyberattack event," says the organization, in an update. "We have also developed plans to ensure patients receive needed cancer treatments for the next several days. Patients are receiving treatment and we are urgently working to expand our capacity to provide chemotherapy at UVM Medical Center to seven days per week and three evenings per week. Meanwhile, we are also scheduling some patients for treatment at Central Vermont Medical Center, Champlain Valley Physicians Hospital and other facilities when appropriate."

With the help of the Vermont National Guard, UVM is continuing a major effort to review thousands of end-user computers and devices. This massive undertaking, to ensure devices are free of any malware or virus, will continue into next week, says UVM. 

Dirk Schrader, Global Vice President at New Net Technologies (NNT), a Naples, Florida-based provider of IT security and compliance software, notes: “It appears that malware groups have decided it is the end of closed season for hospitals and other healthcare providers. At the beginning of the pandemic, most pledged to shy away from this group of targets, however, the recent warning issued by CISA, FBI, and HHS indicates that this is not expected to be the case any longer. Our own research about unprotected, unpatched medical devices connected to the Internet (Image Archives and Electronic Medical Record systems) shows that the healthcare sector is still an easy target, and most likely will remain one for the foreseeable future. The sector needs to change its approach away from negligence about cyber security towards an integrated, cyber-resilient handling of medical devices incorporated into hospital processes.”

Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, adds, “Healthcare systems, hospitals, and pharmaceutical companies have been enduring more focused cyberattacks during the pandemic. Most recently, we saw a widespread ransomware attack on the UHS health system that brought down the networks of a handful of hospitals. Threat actors know that these organizations are under intense pressure to take care of a high volume of patients and help contribute to discovering a vaccine on top of their usual responsibilities. This situation highlights how paralyzing any cyber-attack can be - especially for organizations that possess valuable personal data that can be held for ransom. As some organizations use a hybrid model of on-prem and cloud servers, they need to deploy modern security solutions that protect assets connecting to cloud services, such as smartphones and tablets. Threat actors know that mobile devices aren’t usually secured in the same way as computers, but now have the same level of access to corporate assets. Mobile phishing has become one of the primary ways threat actors get into corporate infrastructure and deliver a malicious payload that kicks off an attack like this.

According to Schless, Lookout data shows that healthcare and life sciences organizations face constant threats on mobile devices:

  • 1 in 50 mobile devices in the healthcare industry encountered a malicious app in Q3 of this year.
  • Year-to-date in 2020, 78% of mobile phishing attempts targeting the healthcare industry intended to deliver malware to the device.
  • The remaining 22% had the goal of stealing personal and login credentials for internal healthcare, hospital, and life sciences platforms.

Heather Paunet, Vice President of Product Management at San Jose, Calif.-based Untangle, says, “The healthcare industry will remain a high-level ransomware target, especially as continued testing increases the amount of data or information known about patients or future patients. IT departments need to be more aware than ever before about how to protect their network, their employees and their patients.”