October 28, 2020 by Tim
Note: this is a developing (and speculative) story. Information may change as we learn more about the situation on the ground. Green Mountain IT Solutions does not provide services to UVM Medical Center and has no affiliation with the hospital.
Update Wednesday, November 4, 2020: You are viewing the original article posted when we first learned of the attack. For updated details, see the new post here.
Update Thursday, October 29, 2020: This article was originally posted on Wednesday, October 28. Since then, UVM Medical Center has confirmed that the hospital was affected by a cyber attack, though the hospital’s president denies that attackers demanded a ransom payment. Read more details here.
Earlier today, I received leaked reports indicating that the University of Vermont Medical Center was having issues with its IT systems. It appears that many, if not all, computer systems at Vermont’s largest hospital were inaccessible as of Wednesday afternoon. The outage seems to be affecting the hospital’s main campus as well as at least some of the UVM Health Network’s satellite sites.
So far, all we’ve heard from UVM is a tweet about a non-specific “outage”.
ALERT: We are experiencing a site outage affecting access to the MyChart Patient Portal. We apologize for any inconvenience and will let you know when access is restored.
— UVM Medical Center (@UVMMedCenter) October 28, 2020
I expect an official announcement to be made by tomorrow, October 29th. But even without a statement from the hospital, I’m ready to assume the worst. As reported today by both CNN and Reuters, in just the past two days hospitals in Oregon, California, New York, and Pennsylvania have suffered ransomware attacks. The attackers are believed to be based in Eastern Europe.
It’s probably a safe bet that UVM Medical Center is the latest victim in this new round of attacks.
Hospitals have been heavily targeted by cyber-criminals lately. Last month, a patient in Germany died when hospital services were unavailable due to a cyber-attack, with the incident being widely reported as the first death that could be directly attributed to ransomware.
As with most cases of ransomware, I suspect we’ll find that the attackers targeted certain employees with malicious emails to gain a foothold on the hospital network. It’s also possible that the attackers exploited systems that were not yet patched against one or more of the many Microsoft Windows vulnerabilities discovered this year, such as the critical SigRed and Zerologon bugs.
As is also typical, we will probably learn that the attack was entirely preventable.
It goes without saying that a cyber-attack launched against a medical facility is a heinous and despicable act. But at this point, hospitals need to be ready. Already, we’ve heard calls for the government to step in and help hospitals improve their defenses. It’s now clear that help can’t come quickly enough.