Vermont governor deploys National Guard in response to UVM cyberattack

Vermont Governor Phil Scott this week ordered the state Army National Guard’s Combined Cyber Response Team to help in responding to a cyberattack against the University of Vermont Health Network.

The system last week suffered a “significant” attack that disrupted services at six facilities in Vermont and upstate New York. Although UVM said it was making “substantial progress” toward restoration, access to the MyChart Patient Portal was still unavailable in multiple locations listed on UVM’s website.  

“I appreciate the work of the UVM Health Network, with support from State agencies and state and federal law enforcement, to respond quickly to this cyberattack, putting patient safety first and steadily restoring systems in a safe and secure manner,” said Gov. Scott in a statement. 

“The support of the Guard’s talented and experienced Cyber Response Team will further bolster this important work,” he said.  

WHY IT MATTERS  

The National Guard will assist UVM in ensuring thousands of end-user devices are free of any malware or virus, according to a statement on the Vermont governor’s website.   

The Combined Cyber Response Team, or CCRT, is able to respond in support of state or federal missions. According to the governor’s website, the team recently participated in a national-level exercise built around providing cyber support to partners such as UVM.

“National Guard Cyber Soldiers are trained IT professionals that come with military and industry backgrounds and training. This diverse training and experience [foster] efficient and effective cyber response teams capable of a wide range of technological security tasks,” said Col. Chris Evans, chief information officer at the Vermont Army National Guard, in a statement. UVM described the process on Thursday as “ongoing” and “expected to take some time.”   

Meanwhile, UVM said that it had been able to retrieve some appointment schedules for the University of Vermont Medical Center, Central Vermont Medical Center, Champlain Valley Physicians Hospital and Porter Medical Center. It urged patients to try and confirm their appointments and advised that lab results would be delayed 24 to 48 hours.   

“We know much work remains ahead of us,” said the system on its website.  

THE LARGER TREND

Although FBI Albany confirmed to Healthcare IT News that it was working with UVM on investigating the attack, it could not offer any further details last week – including about the nature of the incident.   

Still, the attack came amidst a wave of threats against hospitals around the country, including reported spear phishing attempts targeting Massachusetts health system leaders and attacks on hospitals in New York and Oregon.

The FBI, in conjunction with the U.S. Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, issued a warning last week about “increased and imminent” threats to hospital cybersecurity.   

“Ransomware attacks on our healthcare system may be the most dangerous cybersecurity threat we’ve ever seen in the United States,” said Charles Carmakal, chief technology officer of cybersecurity firm Mandiant, in a press statement.  

ON THE RECORD  

“The UVM Health Network continues to work around the clock to repair our system and deliver the highest quality care to our patients,” said Dr. John R. Brumsted president and CEO of the UVM Health Network, in a statement. “We are grateful to the Vermont National Guard and Governor Phil Scott’s administration for dedicating invaluable resources to our efforts.”

 

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source: Read Full Article