What are lessons learned from UVM Health Network hack?

Published: Nov. 18, 2020 at 6:15 PM EST
Email This Link
Share on Pinterest
Share on LinkedIn

BURLINGTON, Vt. (WCAX) - Three weeks after the University of Vermont Health Network experienced a cyber-attack crippling many of its systems, the network’s six hospitals are still not back to full strength.

UVM Health Network officials this week said they now have “read-only” access to Epic, their electronic health record management system. But as the systems come back online and the FBI tries to find out who’s responsible, we asked decision-makers who will pay for the fallout and what it means for hospital cybersecurity going forward.

The Green Mountain Care Board regulates health care in Vermont. The board is not planning a probe into a shutdown that has impacted thousands of patients. Regulators say they don’t believe the hack happened because of neglect or wrongdoing on the part of UVM. “There’s always someone that will figure out some way to get beyond it. You just have to make it as hard as you can, given the knowledge that’s available,” said GMCB Chair Kevin Mullin.

In the realm of health care, lawmakers, providers, regulators, and others are always balancing improving quality, affordability, and access. Lawmakers say the hack and the renewed interest in health care cybersecurity just adds one more layer of complexity and cost for patients and taxpayers.

“This is another example of something that drives cost. The awareness that we may have to put more money into security to protect from the massive assault on electronic systems,” said Rep. Anne Donahue, R-Northfield, chair of the House Committee on Health Care.

Two years ago, Vermont lawmakers created the Joint IT Oversight Committee, which focuses on technology infrastructure issues. It’s likely they’ll tackle the health care IT issues but Donahue says this isn’t just a Vermont problem. She says what happens on the federal level from a new Biden administration, including action on the Affordable Care Act can have big implications for how health care and IT are financed in Vermont. “How do different administrations and congresses choose to set out frameworks and laws because of the financing,” Donahue said.

And as UVM works to restore its systems, regulators say nobody is immune to these attacks. “We restore trust by having people in IT tell us that they’ve done everything that they possibly can do to make sure it doesn’t happen again,” Mullin said

UVM Health Network officials have not said when they expect systems will be fully restored.

Related Stories:

Crippled by cyberattack, UVM Health Network says more data recovery work ahead

A closer look at the Vt. National Guard Cyber Response team

Cybersecurity experts from the Vt. National Guard help UVM Health Network

UVMHN: Significant gains made in network recovery following cyberattack

UVM Health Network slowly coming back online after cyberattack

UVM Health Network still dealing with cyberattack, mysterious smell

As investigators probe UVM hospitals’ cyberattack, IT races to repair network

UVM Health Network a victim of cyberattack

UVM Health Network investigating if network issue is result of a possible cyberattack

Copyright 2020 WCAX. All rights reserved.