Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments

A cyberattack at the University of Vermont Health Network has forced one of the network’s hospitals to delay chemotherapy and mammogram appointments, making it the latest example of how cybercriminals can impact patient care.

The disruption of computer systems at the health network, which comprises six hospitals and more than 1,000 physicians, began the week of Oct. 25, the organization said. The attack made some of the data used to process appointments for cancer patients temporarily unavailable. And the health network said that as of Monday it was still unable to conduct mammograms, breast ultrasound screenings and biopsies because of a lack of access to patient data.

The health network is nonetheless still treating cancer patients and is working to “expand our capacity” to provide chemotherapy seven days per week, the organization said in a statement on Saturday.

The laborious recovery process is ongoing.

“We are slowly and methodically restoring some systems,” Neal Goswami, a spokesperson for the health network said Monday. “That will take some time. But we’re making progress.”

It’s a window into the intense and multifaceted process a critical-infrastructure organization faces in recovering from a serious security incident. Forensic specialists are combing thousands of computers for malicious software. Experts from Cisco and Microsoft are helping out, according to Goswami, as is Vermont’s Army National Guard. The FBI is also investigating the attack.

Employees are affected, too. About 300 at the health network’s main hospital, the University of Vermont Medical Center, have had their jobs disrupted, according to Goswami. One hundred and twenty-nine of those people have been temporarily reassigned, and the health network is trying to do the same for the other employees, he said.

The cyberattack coincided with a series of reported ransomware attacks on hospital computers in multiple U.S. states. Experts say it is one of the more significant cyberthreats to the health sector in recent memory. Federal agencies warned that ransomware known as Ryuk, whose sponsors are known for extorting large sums from victim organizations, was involved in the attacks.

Goswami referred questions on whether Ryuk was involved in the incident at UVM Health Network to the FBI.

Despite the deadly coronavirus pandemic, many criminal groups have continued to target health care organizations. There have been more publicly reported ransomware attacks on health care providers this year than in all of 2019, according to Allan Liska of threat intelligence company Recorded Future.

“If it’s one thing a hospital doesn’t need during a pandemic its [sic] a cyberattack,” one user wrote on the University of Vermont Medical Center’s Facebook page. “Hope those responsible are found and prosecuted.”

UPDATE, 11/10/20, 09:50 a.m. EDT: This story has been updated with a statement from the FBI.