The University of Vermont has come under attack, virtually. No, it’s not that Suresh is facing an endless wave of cyber-bullying (although someone should totally start that), but rather that the UVM Health Network’s online systems have become subject to a ransomware attack. The attack occurred on Oct. 25 and has drowned the UVM Medical Center in uncertainty, chaos, conspiracy theories, and monotonous tasks ever since.
But before we get to all of that, we should answer a fundamental question: what the fuck is ransomware? Essentially, it is a piece of malware (software designed with the intention cause damage to its host) that encrypts the victim’s information so that it cannot be accessed until a ransom is paid. Now, this may sound like some very Mr. Robot hackery bullshit, but that is not necessarily the case. While certain ransomware strategies do include taking advantage of holes in cybersecurity schemes, one of the most common delivery methods is email phishing. That’s right, it is entirely possible that the cause of this whole crisis is some undergrad who works at the hospital got a spam email about offering $1000 per week to do 10 hours of work and decided to click the link. Foolish child, no one is ever going to pay you what you are worth, so if someone offers to, it’s probably a scam.
Okay, back to what happened at UVM. The virtual attack originally locked electronic patient records across all six hospitals connected to the UVM Health Network. The patient portal where patients access their appointment information and medical history was also compromised. Along with the possible exposure of incredibly private and personal information, the availability and accessibility of most health care services have seen a drastic decline. For example, prior to October 25th the UVM Medical Center had the capacity for 45 to 60 chemotherapy appoints in a day, that number has now been reduced to 15 patients.
According to a student currently working in the Pharmacy for the UVM Medical Center, productivity has been essentially cut in half. When asked about what specific problems they have experienced, they replied, “We used to have a tube for sending medications all over the hospital like at the banks but now we have to walk the medications from place to place. A whole 8-hour shift was spent just walking between places.”
I want to stress that this is no way due to a lack of response by the UVM medical community. The staff working at the UVM facilities switched to paper medical records as soon as they learned about the attack. According to an update given by Medical Center, “The UVM Health Network team is literally working day and night to address this situation and the Governor has called the Vermont National Guard into service to bolster our own resources.” We are very thankful for the sacrifices of those working at both the UVM Medical Center and UVM Health Network, especially during such chaotic times, and you should be too.
The team from the national guard is the Combined Cyber Response Team and is designed to respond rapidly to cyber threats at the federal and state level. While we are very fortunate and thankful to have the help of the National Guard, I just hope they know tear gas and rubber bullets won’t help solve this issue. Despite the collaboration of so many organizations and the continuous hard work of everyone involved, there is currently no projection as to when the issue will be resolved. Although, the resolution of the ransomware attack on Universal Health Services, a major US medical system, took more than three weeks, so don’t hold your breath (you would probably pass out).
So who is responsible for the attack? The student who gave the previous quote told us rumors have been flying around that it’s “the Russians.” How crazy that the entire country of Russia was able to ban together to bring down the UVM Health Network (also an objectively hilarious image). They did note that this was a possible scapegoat. Some news sources such as the VTDigger have wondered whether this attack is connected to a number of other ransomware attacks on hospitals across the country. Those attacks have been linked to a hacker group known as “Wizard Spider.” And while they are obviously awful, terrible people, that is a sick name that I think UVM should trade for “Catamount.” Still, there is no real evidence pointing to “The Russians,” Wizard Spider, or anyone else.
What we need to acknowledge is that this is a shitty situation for everyone. Patients are unable to get the care they need and physicians and all other medical workers are working day and night trying to figure out how to both resolve the situation and find the best possible way to continue service until that happens. This is not a time for panic, but rather patience and understanding. Well, for everyone except for your roommate who drinks too much every weekend, blacks out, and finds themselves in a hospital bed every morning. They just need to get their shit together (probably some professional help). I guess what I am trying to say is just have some fucking empathy.