Monday, March 29, 2021

UVM Medical Center shares lessons learned after ransomware attack

Credit – University of Vermont
PARCA eNews – March 22, 2021 – Last fall, the University of Vermont Medical Center suffered a system-wide shutdown of its network due to a ransomware attack that prompted federal agencies including the HHS and FBI to issue a warning about cyber criminals targeting healthcare systems.

After the organization finally repaired the damage and recovered network operations, an assessment of the system’s cybersecurity measures found several shortcomings; addressing them could have at least minimized the damage. The organization shared its lessons learned in an article in the March 2021 ACR Bulletin.
In the incident, malware was loaded onto an employee’s off-network hospital laptop, where it sat for two weeks waiting to be deployed. When the employee logged in via the VPN, the ransomware quickly spread throughout the hospital network, causing a system-wide outage.

Lessons learned:
  • Segmenting the network would have separated the most sensitive data from everything shared outside of the internal network. Without some kind of data separation, a virus quickly spreads.
  • There is a disconnect between vendors and IT departments. Too little attention is paid to security when new equipment is installed and configured.
  • Adequately staffing your security effort must be a priority. A larger institution must have adequate internal expertise dedicated to managing security. Smaller practices may need to rely on outsourcing security operations.
  • Regardless of the size of the operation, an incident response protocol must be put in place and must include a disaster management team charged with talking everyone through a checklist.
  • Ensure staff are trained in paper reporting and can revert to paper when needed.
  • Create a paper directory for all staff that can be accessed in each department, not just your own department.
  • Using multi-factor authentication and vetting security vendors is critical.
  • Staff training on recognizing phishing and other attack techniques needs to be ongoing.
  • Make a plan for contacting patients when needed.
  • Contact equipment vendors about updating older systems and find out what support they provide in the case of a breach.
Cybersecurity experts agree that it is impossible to guard against all attacks; taking the right steps in advance, however, can minimize the damage and hasten the recovery.

Source: ACR Bulletin, February 23, 2021, published in the March issue
