12 August 2022IT & claims management analysis

Transparency is the key to managing cyber attacks: VCIA panel

Openness and transparency are key elements when recovering from a cyber attack that leads to a widespread disruption of operations.

At a presentation at the Vermont Captive Insurance Association’s annual conference, staff from the University of Vermont’s Medical Centre (VMC) and its captive insurer the VMC Indemnity Company (VMCIC) told attendees about the cyber attack that had hit the hospital in 2020.

The hospital was only just starting to recover from the onset of the COVID-19 pandemic in 2020, during which time it was using more and electronic records and data transfers as people worked remotely.

However, it was hit by a ransomware attack on October 28 when staff discovered that they were unable to access emails. Their IT team investigated and then discovered that a cyber attack had encrypted some but not all of their files. A ransom was demanded for data to be unencrypted.

The VMC contacted the FBI and the ransom was not paid. However, several weeks of disruption followed, as electronic records could not be accessed, faxes could not be used and phones were out of order.

Instead, the hospital bought walkie-talkies and used paper records instead, with runners being employed to ferry records about and file everything used physically. Patient lists had to be recreated via memory.

According to the VMCIC the key lessons learnt were to have openness and transparency when dealing with concerns and that it is important to create a dynamic system that can deal with demands that come in on a daily basis, especially when it comes to talking to patients and the general public. The need for backup plans was also stressed.

As a result of the procedures put into place by the hospital, there have been no liability claims made so far.