The cyberattack that took down UVM Medical Center’s system two months ago turned out to be ransomware, according to the Health Network. IT staff found a note that did not ask for money, but included instructions to contact the criminals responsible for the attack. The health network did not follow those instructions.
UVM Health Network says no personal information, protected health information, or employee information was accessed or taken. The attack also spread malware to over 5,000 user devices. Senior Vice President of Network Information Technology, Doug Gentile, says that currently, 80% of the 600 compromised applications across the medical center have been restored and they hope to have all of them restored by the end of January.
Gentile calls this a huge under taking, “If there’s any good news in an event like this, it’s that there is no evidence that any of our patient or employee data was accessed or extracted from the medical center. At this point we’re confident that the hackers didn’t obtain sensitive date.”
According to the hospital, the cyberattack corrupted files and data behind its infrastructure and application servers. Although UVM had backups for all 1,500 servers affected, they had to wipe those servers clean and rebuild them.