Latest ransomware attack on University of Vermont Medical Center a reminder of the human dimension of cyber risk

Summary

The University of Vermont Medical Center was the victim of a ransomware attack that has disrupted its cancer center for a month since the attack. It took one month for electronic medical records to be restored while many patients were adversely impacted as the center was unable to process the normal volume of patients with IT systems not fully restored.

Healthcare systems across the country are suffering ransomware attacks with increased frequency across the United States in 2020.

Report

Analysis

This attack came one month after the first reported death believed to have resulted from a cyber attack in Germany and also one month after the major attack on UHS, one of the US’s largest healthcare providers.

It was clear in April that hackers were not going to cease attacks against hospitals amid the pandemic. Quite the contrary. Healthcare as an industry unfortunately continues to be a soft target for threat actors—ranked at the bottom of our cyber governance industry rankings. As a result of the full embrace of technology in the operations of healthcare providers, the operational (and ultimately human) impact of ransomware attacks is more damaging.

The reasons for the poor performance in the sector are borne out of business strategies widely adopted in the industry. Though healthcare is in no way unique in its embrace of these strategies, the sector has been a posterchild for them. This includes accelerated growth via M&A, leading to increasingly complex and more difficult-to-manage networks that exponentially increase the number of vulnerabilities. This makes many hospital systems easier targets.

Most importantly, the human cost is real and growing. This should create urgency for more systemic government action to help increase the resilience of healthcare companies and hospital systems. There should also be greater transparency at a regulatory level around how well positioned healthcare providers are to prevent attacks in the first place so the remediation of key vulnerabilities can happen more frequently before IT systems are shut down and more lives put at risk.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website