Burlington, Vt.-based UVM Medical Center revealed how an October 2020 ransomware attack costing it at least $50 million in lost revenue and other expenses originated, VTDigger reported July 21.
1. Doug Gentile, senior vice president of network IT at UVM Medical Center, said the attack began after an employee who took a corporate laptop on vacation opened a personal email from a homeowners association that had been hacked.
2. When the email was opened, the cybercriminals deposited malware onto the laptop. When the employee returned to work at the health system a few days later and connected to its network, the attackers were able to use the malware to launch the attack across the entire network.
3. Mr. Gentile characterized the attack as phishing and told the publication that the attackers were likely targeting whoever they could. “It certainly didn’t seem like they were specifically targeting us; we just got caught up in a broader attack,” he said.
4. Since the attack, UVM has rolled out preventive measures, including sending out regular simulated phishing emails to employees and blocking access to personal email on all work computers.
5. After discovering the malware, UVM cut off all internet connections to its network to protect its data, leaving the health system to operate without access to most of its data for several weeks. “Of course we have standard procedures for if systems go down, but being down for two to three weeks is beyond what we ever expect. It was stressful for people,” Mr. Gentile said.
6. The attack cost the hospital $40 million to $50 million, mostly in lost revenue, according to the report.
7. The employee with whom the attack originated did not face disciplinary action. The incident was clearly an accident that “could have happened to anyone,” Mr. Gentile said.