What are lessons learned from UVM Health Network hack?
BURLINGTON, Vt. (WCAX) - Three weeks after the University of Vermont Health Network experienced a cyber-attack crippling many of its systems, the network’s six hospitals are still not back to full strength.
UVM Health Network officials this week said they now have “read-only” access to Epic, their electronic health record management system. But as the systems come back online and the FBI tries to find out who’s responsible, we asked decision-makers who will pay for the fallout and what it means for hospital cybersecurity going forward.
The Green Mountain Care Board regulates health care in Vermont. The board is not planning a probe into a shutdown that has impacted thousands of patients. Regulators say they don’t believe the hack happened because of neglect or wrongdoing on the part of UVM. “There’s always someone that will figure out some way to get beyond it. You just have to make it as hard as you can, given the knowledge that’s available,” said GMCB Chair Kevin Mullin.
In the realm of health care, lawmakers, providers, regulators, and others are always balancing improving quality, affordability, and access. Lawmakers say the hack and the renewed interest in health care cybersecurity just adds one more layer of complexity and cost for patients and taxpayers.
“This is another example of something that drives cost. The awareness that we may have to put more money into security to protect from the massive assault on electronic systems,” said Rep. Anne Donahue, R-Northfield, chair of the House Committee on Health Care.
Two years ago, Vermont lawmakers created the Joint IT Oversight Committee, which focuses on technology infrastructure issues. It’s likely they’ll tackle the health care IT issues but Donahue says this isn’t just a Vermont problem. She says what happens on the federal level from a new Biden administration, including action on the Affordable Care Act can have big implications for how health care and IT are financed in Vermont. “How do different administrations and congresses choose to set out frameworks and laws because of the financing,” Donahue said.
And as UVM works to restore its systems, regulators say nobody is immune to these attacks. “We restore trust by having people in IT tell us that they’ve done everything that they possibly can do to make sure it doesn’t happen again,” Mullin said
UVM Health Network officials have not said when they expect systems will be fully restored.
Copyright 2020 WCAX. All rights reserved.