According to a University of Vermont Health Network official, the cyberattack last fall that crippled the network's computer systems, affecting six hospitals in Vermont and New York, occurred after an employee opened a personal email on a company laptop while on vacation.
According to Doug Gentile, network chief medical information officer, the email came from a legitimate local business that had been hacked. The malware was contained in an attachment in the email. The attackers were ready and waiting when the employee returned from vacation and logged onto the UVM network through a virtual private network, he said.
“We have no evidence that UVM was singled out for attack. We were just the victims of a large-scale phishing attack,” Gentile said on Tuesday.
VTDigger was the first to report on the attack. Officials said at the time that the October 2020 cyberattack caused significant, ongoing computer network problems for the University of Vermont Health Network, affecting its six hospitals in Vermont and New York. The FBI and two other federal agencies issued an alert the same day, stating that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.”
About a week or so later, by looking through detailed logs, UVM was able to figure out how the cyberattack occurred, according to Gentile. It had immediately contacted state and federal authorities, and the FBI had been extremely helpful in the investigation, he said. According to him, the attack was carried out by a criminal gang that the FBI is familiar with.
“These people are virtual and can exist in any location. The majority of them are offshore, out of reach of our law enforcement,” he said.
UVM Health Network had blocked access to personal email for anyone on the network at the time of the attack, but had not yet extended that to machines off the corporate network, which it had planned to do this year, according to Gentile. He claims it has since done so.
Since the attack, UVM has blocked access to all corporate assets, installed more advanced viral wall protection on all corporate assets, and significantly tightened its VPN access, he said.