A team of information technology professionals from Vermont's National Guard has been called in to help the University of Vermont Health Network respond to a cyberattack that's disrupted services for the past week.
The National Guard will help UVM Health Network review thousands of staff computers and devices to ensure there's no traces of malware.
Vermont Gov. Phil Scott on Wednesday announced he had ordered the National Guard's cyber response team to service on account of the cyberattack at UVM Health Network.
"I appreciate the work of the UVM Health Network, with support from state agencies and state and federal law enforcement, to respond quickly to this cyberattack, putting patient safety first and steadily restoring systems in a safe and secure manner," Scott said in a statement.
The National Guard's cyber soldiers are trained in cyber operations including network defense, forensic analysis and incident response. As a military reserve force, National Guard soldiers—including cyber soldiers—hold full-time civilian jobs while also maintaining their military training.
"There are a couple of things the military does really well—they provide expertise, they have the ability to respond quickly and at scale," said Caleb Barlow, CEO and president of cybersecurity consulting firm CynergisTek. "They're able to provide surge capacity that's needed in a critical attack like this."
A cyberattack last week brought down UVM Health Network's IT systems—including its scheduling, patient portal and its electronic health record system—which staff are in the process of restoring. Staff at the health system in the meantime are following downtime procedures, which involves switching to paper record-keeping.
UVM Health Network is working with the Federal Bureau of Investigation and the Vermont Department of Public Safety to investigate the cyberattack.
National Guard teams in recent months have been called to respond to ransomware attacks at city governments and to provide support during state elections.
But "it's not very common" for a National Guard team to respond to a hospital cyberattack, said David Nides, a principal in consulting firm KPMG's cybersecurity services practice.
The cyberattack at UVM Health Network comes on the heels of the FBI, HHS and the Homeland Security Department issuing a warning last week that hackers are targeting healthcare with ransomware attacks.
Universal Health Services in September disclosed what appears to be one of the largest reported healthcare cyberattacks. To contain the malware intrusion discovered Sept. 27, UHS took all of its U.S. IT networks offline; the health system wasn't able to restore all of its systems for multiple weeks.
That's not uncommon when responding to a cyberattack, according to Nides.
"On average, based on my experience, it can easily take at minimum two to three weeks to get some of the critical applications and databases back up and running," he said. "The road to recovery is not quick."
Also in September, a patient in Germany died after an ambulance was diverted from a hospital hit with ransomware, in what many have called the first death resulting from a ransomware attack.
The American Hospital Association has argued that ransomware attacks against hospitals should be prosecuted as threat-to-life crimes, not economic crimes.
UVM Health Network has said it's unsure when all of its systems will be restored.
UVM Health Network in an update Thursday said the process to review computers and devices with the National Guard is "ongoing" and is "expected to take some time."
"The UVM Health Network continues to work around the clock to repair our system," Dr. John R. Brumsted, president and CEO of UVM Health Network, said in a statement. "We will continue to dedicate all available resources to this response until our systems are restored."