Vermont governor deploys National Guard in response to UVM cyberattack

The Combined Cyber Response Team will assist the University of Vermont Health Network in ensuring thousands of end-user devices are free of malware or viruses.
By Kat Jercich
11:29 AM

Vermont Governor Phil Scott this week ordered the state Army National Guard's Combined Cyber Response Team to help in responding to a cyberattack against the University of Vermont Health Network.

The system last week suffered a "significant" attack that disrupted services at six facilities in Vermont and upstate New York. Although UVM said it was making "substantial progress" toward restoration, access to the MyChart Patient Portal was still unavailable in multiple locations listed on UVM's website.  

“I appreciate the work of the UVM Health Network, with support from State agencies and state and federal law enforcement, to respond quickly to this cyberattack, putting patient safety first and steadily restoring systems in a safe and secure manner,” said Gov. Scott in a statement. 

"The support of the Guard’s talented and experienced Cyber Response Team will further bolster this important work," he said.

"It is great to see the governor and the Guard step in to help, and I would not be surprised to see more health systems in the future reach out for this kind of assistance," said Drex DeFord, healthcare executive strategist for CI Security, in a statement to Healthcare IT News. "Seems very appropriate given the need to put critical healthcare infrastructure back on-line as quickly as possible. The process to make these kinds of requests for assistance should be a part of every health system's Incident Response checklist."


The National Guard will assist UVM in ensuring thousands of end-user devices are free of any malware or virus, according to a statement on the Vermont governor's website.   

"Attacks that focus on or originate from end-user devices have long recovery times because of the enormous number of devices in a health system of this size. Every individual machine needs to be tested, possibly repaired or upgraded, and then certified as 'clean' before being put back on the network," said DeFord.

"UVMHN has likely created a series of tests/steps that has to be performed on each machine; adding more testers (the Guard) to the process means they’ll work their way through the entire inventory more quickly," he added.

The Combined Cyber Response Team, or CCRT, is able to respond in support of state or federal missions. According to the governor's website, the team recently participated in a national-level exercise built around providing cyber support to partners such as UVM.

"National Guard Cyber Soldiers are trained IT professionals that come with military and industry backgrounds and training. This diverse training and experience [foster] efficient and effective cyber response teams capable of a wide range of technological security tasks," said Col. Chris Evans, chief information officer at the Vermont Army National Guard, in a statement. UVM described the process on Thursday as "ongoing" and "expected to take some time."   

Meanwhile, UVM said that it had been able to retrieve some appointment schedules for the University of Vermont Medical Center, Central Vermont Medical Center, Champlain Valley Physicians Hospital and Porter Medical Center. It urged patients to try and confirm their appointments and advised that lab results would be delayed 24 to 48 hours.   

"We know much work remains ahead of us," said the system on its website.  


Although FBI Albany confirmed to Healthcare IT News that it was working with UVM on investigating the attack, it could not offer any further details last week – including about the nature of the incident.   

Still, the attack came amidst a wave of threats against hospitals around the country, including reported spear phishing attempts targeting Massachusetts health system leaders and attacks on hospitals in New York and Oregon.

The FBI, in conjunction with the U.S. Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, issued a warning last week about "increased and imminent" threats to hospital cybersecurity.   

"Ransomware attacks on our healthcare system may be the most dangerous cybersecurity threat we’ve ever seen in the United States," said Charles Carmakal, chief technology officer of cybersecurity firm Mandiant, in a press statement.  


"The UVM Health Network continues to work around the clock to repair our system and deliver the highest quality care to our patients," said Dr. John R. Brumsted, president and CEO of the UVM Health Network, in a statement. "We are grateful to the Vermont National Guard and Governor Phil Scott's administration for dedicating invaluable resources to our efforts."


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Healthcare IT News is a HIMSS Media publication.
