How to help
Advertise With Us
Jumponit Deals
Hike of the Week
Who's Hiring

How Vermont’s largest hospital now protects patient info 3 years after ransomware attack

By Cam Smith
Published: Oct. 12, 2023 at 5:58 PM EDT
Email This Link
Share on Pinterest
Share on LinkedIn

BURLINGTON, Vt. (WCAX) - Nearly three years after Vermont’s largest hospital fell victim to a ransomware attack, hospital officials say they’ve made progress toward better systems to protect patient information.

During the breach, nearly 1,300 servers were compromised on more than 5,000 devices across the UVM Health Network. Hospital officials say while no patient or employee information was stolen, the process cost them $65 million.

In the years since the attack, hospital officials say they’ve been able to strengthen their systems. However, experts say threats like this are becoming more commonplace.

“It affected every single part of our function, everything that we do... Unbelievable,” UVM Medical Center President and COO Dr. Stephen Leffler testified before a joint committee on Capitol Hill, referring to the employee-caused ransomware attack that compromised thousands of devices within the network in October 2020.

“Someone had their computer at home, clicked on something, plugged back into the system when they came back to work-- that’s how it happened,” Leffler said.

One click that left more than 5,000 devices across the health network under siege.

Leffler said the hospital’s IT department acted quickly and shut down everything from the internet to the hospital’s electronic medical record systems. That forced staffers to switch to paper records. The shutdown lasted nearly a month.

“You can practice all you want and we practice frequently to be down a day or two, but no one is prepared for 28 days,” Leffler said.

In the years following the attack, Leffler said the hospital has taken significant steps to double down on cybersecurity, like adding more layers of authenticating and strengthening the process to access electronic records.

“So if it happens again, I think people should be reassured that we did well the first time and we’re even more prepared now,” he said.

Despite added protections, cybersecurity experts warn threats like this one are ever-evolving, and to protect against them, it can start with you.

“I want to make it so that everyone has a security mindset so that when they see something, they immediately question it. And until organizations like Microsoft and all the other email providers do a better job of filtering those garbage emails out, those phishing attempts and the spam, it’s going to be a part of our life,” said Henry Collier, a cybersecurity expert at Norwich University.

Leffler said training for staff has improved dramatically as well. The hospital has even worked with the IT department to send out emails with fake links to use as teaching moments for employees who interact with them.

In his testimony on Capitol Hill, Leffler called on lawmakers to push for more federal grants to help purchase stronger security software.

Related Stories:

UVM Medical Center assists DC cybersecurity subcommittees

Lessons learned from cyberattack on UVM Health Network

Experts say employee education key to avoiding phishing attacks

Hospital network reveals cause of 2020 cyberattack

UVM Health Network continues to tally costs of ransomware attack

How can UVM Health Network prevent future cyberattacks?

UVM Health Network faces $21M in losses

UVM Medical Center admits it was victim of ransomware attack

UVM Heath Network cyberattack fixes expected to exceed $63M

Batch of UVM Health Network positive COVID tests not reported to Vt. health officials

YCQM Nov. 29, 2020

UVM Medical Center continuing cyberattack recovery

What are lessons learned from UVM Health Network hack?

Crippled by cyberattack, UVM Health Network says more data recovery work ahead

A closer look at the Vt. National Guard Cyber Response team

Cybersecurity experts from the Vt. National Guard help UVM Health Network

UVMHN: Significant gains made in network recovery following cyberattack

UVM Health Network slowly coming back online after cyberattack

UVM Health Network still dealing with cyberattack, mysterious smell

As investigators probe UVM hospitals’ cyberattack, IT races to repair network

UVM Health Network a victim of cyberattack

UVM Health Network investigating if network issue is result of a possible cyberattack

Copyright 2023 WCAX. All rights reserved.

Most Read

James Ahl and Alan Talley
2 arrested in connection with St. Albans armed robberies
Five New York men are accused of kidnapping and killing a man and burying him in a New...
5 men accused of kidnapping, killing man and leaving his body in a forest
File photo
Vt. education spending forecast to drive 18.5% property tax hike
File photo
New pupil weighting laws in effect as school budget season approaches
File photo
Ex of man charged in Burlington shootings had police remove gun from home

Latest News

Purple Knights fall 7-5 at Cairns
St. Mike’s mens hockey drops wild one to Assumption
After about 4 hours of deliberation, a jury found Stacey Vaillancourt, the former Rutland...
Jury finds Vt. child care provider guilty of manslaughter
The Vermont Criminal Justice Council graduated 39 police professionals from the Vermont Police...
Recruits honor Jessica Ebbighausen during graduation from the Vermont Police Academy
Beta Technologies is expanding in Plattsburgh.
Beta to embark on $41M expansion of Plattsburgh airport facility
Placeholder for Jessica Ebbighausen
Recruits honor Jessica Ebbighausen during graduation from the Vermont Police Academy