November 4, 2020 by Tim
Note: Green Mountain IT Solutions does not provide services to UVM Medical Center and has no affiliation with the hospital.
Last week, I broke the story on the ongoing cyberattack at UVM Medical Center. This week, there are still more questions than answers.
In fact, the lack of information is becoming the defining feature of this event. So far, UVM officials have not confirmed whether the attack was a ransomware event, nor have they announced whether the perpetrators are thought to be linked to the so-called UNC1878 group, a.k.a. “Wizard Spider”, believed to be behind recent attacks at hospitals around the country.
Then there’s the length of time that systems have been down. As of Tuesday, November 3, it appears that the majority of hospital computer systems remained non-operational, with staff resorting to paper systems. That means it’s been nearly a week that systems have been down. Typically, the cyber-security strategy at a large organization like UVM would include a well-tested Incident Response Plan with a target restoration time of a few days, at most.
Clearly, things are very bad at UVM. But that’s really all we know for now.
So, what can we expect to learn in the coming days? No one can say for sure, but I’ve never let that stop me from wild speculation before! Here are a few conjectures:
I’m sure we’ll find out what’s really going on eventually, but at this point I’m not holding my breath.