In October 2020, the University of Vermont (UVM) Health Network—a six-hospital health care organization that serves over 1 million patients throughout Vermont and upstate New York—discovered that its systems had been compromised by cybercriminals in a ransomware attack. The UVM Health Network ransomware attack led to major disruptions across the organization’s infrastructure, shutting down critical technology and delaying patient care.

This attack—which ultimately stemmed from an employee error—resulted in significant recovery costs and reputational damages for UVM Health Network, emphasizing the severity of cyber incidents within the health care industry. There are various cybersecurity lessons that organizations can learn by reviewing the details of this incident, its impact and the mistakes UVM Health Network made along the way.

The Details of the UVM Health Network Ransomware Attack

At the beginning of October 2020, a UVM Health Network employee took their work laptop on vacation with them. During this vacation, the employee used the laptop to check their personal emails. One of these emails was from the employee’s local homeowners association. Although the email seemed legitimate, the homeowners association had recently been hacked by cybercriminals. As a result, the email was actually a phishing scam. By opening the email, the employee unknowingly allowed cybercriminals to launch malware on their work laptop. When the employee came back to work and connected their laptop to the UVM Health Network’s systems, the cybercriminals then utilized that malware to target the entire organization.

On Oct. 28, the cybercriminals officially launched their attack on UVM Health Network, spreading malware across the organization’s technology. That afternoon, the organization’s IT department began receiving several reports of server issues and glitching applications. Upon investigating these reports, the department suspected a cyberattack was taking place. Fearing a potential data breach, UVM Health Network immediately went offline—thus shutting down its computer and phone systems—to protect its sensitive records. After doing so, the IT department found a text file from the cybercriminals on one of the organization’s devices. The file explained that the cybercriminals had compromised UVM Health Network’s systems and encrypted the organization’s data. The cybercriminals urged the organization to contact them in order to regain access to its systems and data.

While the text file didn’t contain a specific ransom demand, UVM Health Network’s IT department was fairly confident that contacting the cybercriminals would only result in such a demand—a demand that the organization did not want to satisfy. After all, there was no guarantee that the cybercriminals would actually restore the organization’s systems and data after the ransom was paid. Therefore, instead of complying with the cybercriminals’ orders, the organization contacted the FBI for assistance. From there, UVM Health Network worked closely with the FBI to identify the source of the attack and resolve the incident. In the coming weeks, Vermont Gov. Phil Scott also deployed the state’s National Guard to further assist in the matter.

Fortunately, the organization confirmed that no sensitive data (e.g., patient records or employee information) was stolen or exposed during the attack. Rather, UVM Health Network’s existing cybersecurity measures allowed the organization to regain access to most of its data through safely stored back-up copies. Nevertheless, the attack still largely disrupted the organization’s operations for several weeks while it worked to fully recover its data, remove the malware (as well as any digital backdoors created by the malware) from all infected technology and rebuild its damaged infrastructure. During this time, hundreds of employees were unable to perform their job responsibilities due to the computer and phone systems remaining shut down. What’s worse, many patients faced delayed test results, experienced appointment cancellations and had to reschedule elective medical procedures while UVM Health Network recovered from the incident. In total, it took multiple months for the organization to totally restore its infrastructure.

The Impact of the UVM Health Network Ransomware Attack

The UVM Health Network ransomware attack caused a range of consequences, including the following:

Recovery costs and lost revenue
The organization incurred significant recovery expenses as a result of the attack. This includes costs related to UVM Health Network rebuilding 1,300 damaged servers, restoring 600 disabled applications, scanning and cleaning 5,000 malware-ridden computers, and repopulating its overall infrastructure with backed-up data. In addition, the organization lost a considerable amount of revenue in the time it took to recover from the incident—totaling nearly $1.5 million per day. As a whole, the attack is estimated to have cost UVM Health Network over $63 million. These costs greatly exceeded the organization’s existing cyber insurance protection, as it was only insured for $30 million.

Reputational damages
Apart from recovery expenses, the organization encountered widespread scrutiny due to the attack. Specifically, UVM Health Network was criticized for allowing employees to access their personal emails on workplace devices—a flaw that essentially led to the incident. Although the organization’s existing cybersecurity measures effectively prevented the attack from resulting in a data breach, UVM Health Network was still scrutinized for its lengthy incident recovery process, especially considering that this process resulted in delayed patient care.

Delayed system updates
Lastly, the attack forced the organization to modify its timeline for rolling out an updated electronic health record system. This system was intended to replace the organization’s current patchwork of health record applications and create a more integrated system to be utilized for both inpatient and outpatient care. While UVM Health Network had already implemented the first phase of this rollout in November 2019, the second and third phases were pushed back to November 2021 and April 2022, respectively.

Lessons Learned

There are several cybersecurity takeaways from the UVM Health Network ransomware attack. In particular, the incident showcased these key lessons:

Employee education can’t be ignored.
Employees are often the first line of defense against cyberattacks. In fact, as many as 90% of such attacks stem from human error. This issue was certainly emphasized during UVM Health Network’s cyber incident. If the organization had educated its employees on safe email protocols and phishing detection measures, it’s possible that this attack could have been avoided altogether. As such, it’s crucial to share the following cybersecurity best practices with employees:

  • Avoid opening or responding to emails from unfamiliar individuals or organizations. If an email claims to be from a trusted source, verify their identity by double-checking the address.
  • Never click on suspicious links or pop-ups, whether they’re in an email or on a website. Don’t download attachments or software programs from unknown sources or locations.
  • Utilize unique, complicated passwords for all workplace accounts. Never share credentials or other sensitive information online.
  • Only browse safe and secure websites on workplace devices. Refrain from using these devices for answering personal emails or browsing the internet on topics unrelated to work.
  • Contact a supervisor or the IT department if suspicious activity arises.

Effective security software is a must.
After the attack, UVM Health Network made it a priority to block employees’ access to their personal emails on all workplace devices, as well as equip this technology with more advanced security software. While this software may seem like an expensive investment, it’s worth it to minimize the impacts of potentially devastating cyber incidents. Software to consider includes network-monitoring systems, antivirus programs, firewalls, endpoint-detection products and patch-management tools. Also, it’s valuable to conduct routine penetration testing to determine whether this software possesses any security gaps. If such testing reveals any problems, these issues should be addressed immediately.

Cyber incident response plans make a difference.
UVM Health Network took an extended period of time to recover from this incident, ultimately increasing disruption concerns, delaying patient care and compounding the overall costs of the attack. Such lengthy recovery issues highlight how essential it is to have an effective cyber incident response plan in place. This type of plan can help an organization establish timely response protocols for remaining operational and mitigating losses amid a cyber event. A successful incident response plan should outline potential cyberattack scenarios, methods for maintaining key functions during these scenarios and the individuals responsible for carrying out such functions. This plan should be routinely reviewed through different activities—such as tabletop exercises—to ensure effectiveness and identify ongoing vulnerabilities. Based on the results from these activities, the plan should be adjusted as needed.

Ransomware attacks carry unique ramifications.
It’s important to note that UVM Health Network made a smart choice by not complying with the cybercriminals’ demands and instead reaching out to the FBI during this incident. While this practice is vital to avoid further exploitation during ransomware attacks, doing so often contributes to a lengthier incident recovery process. That being said, ransomware attack scenarios need to be considered when developing a cyber incident response plan. Namely, the plan should address specific tactics for remaining operational during the extended recovery efforts that often accompany such attacks. Additionally, it’s important that the plan prioritizes contacting law enforcement and working with insurance partners for further assistance when these events occur, as this practice can help minimize potential losses, improve incident investigation processes and better identify perpetrators.

Proper coverage can provide much-needed protection.
Finally, this attack made it clear that no organization—not even a major health care organization—is immune to cyber-related losses. That’s why it’s crucial to ensure adequate protection against potential cyber incidents by securing proper coverage. Considering how expensive cyber events can be (especially ransomware attacks), it’s best to carefully select a policy limit that will provide sufficient protection amid a costly incident. Consult a trusted insurance professional when navigating these coverage decisions.

We are here to help.

If you’d like additional information and resources, we’re here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk. You can download a free copy of our eBook, or if you’re ready to make Cyber Liability Insurance a part of your insurance portfolio, Request a Proposal or download our Cyber & Data Breach Insurance Application and we’ll get to work for you.
