UVM Medical Center admits it was victim of ransomware attack - WCAX

sirangsiram.blogspot.com

BURLINGTON, Vt. (WCAX) - The University of Vermont Medical Center now says it was the victim of a ransomware attack. Officials avoided using the term for weeks, saying only that it was a cyberattack.

For about two months, we’ve asked the medical center multiple times whether this was a ransomware attack. They had said the FBI asked them not to release that information.

Now, they say they’ve gotten the OK to call it that, but they still say they did not receive any request for money. The hospital admits it found a file that included contact information for the attacker. The file said that if they wanted their systems restored, the hospital had to contact them.

Officials say they were advised not to name the attacker or attackers, or the motive.

IT experts say they never reached out to the perpetrators and said they barely considered it.

“Because we already had backups, we were going to have to rebuild that anyways, just to ensure we got rid of the malware. So it wasn’t going to save us any time and, in fact, they encrypted some of the pieces you need to use with the key to de-encrypt, those were encrypted, so even if we had gotten the key, we couldn’t have used it,” said Dr. Doug Gentile, the chief information officer for the UVM Health Network.

The UVM Health Network is currently hardening its defenses to limit the spread of any possible future attacks, so not as many systems would be impacted if something like this were to happen again. IT experts also say that they do not believe that any employee or patient medical information was compromised or stolen in the attack.

There is no updated figure on how much it has cost the medical center to recover and rebuild its systems, but we know the hospital is losing roughly $1.5 million per day. It has been 55 days since the attack which comes out to more than $82 million.

UVMMC says they had strong security and malware blockers in place, but still fell victim to the attackers.

“It’s become clear, really this is an arms race. I think you’ve all seen in the news some of the recent sophistication of cyberattacks that are being launched and it’s really just going to continue. So, we all have to stay vigilant. We all are going to continually have to update our tools and our approaches to try to stay ahead of the bad guys in this situation,” Gentile said.

Hospital officials say they continue to work with the FBI on the case.

At this time, more than 80% of the hospital’s applications have been restored. They hope to have everything fully restored in early January.