The University of Vermont Health Network Company Cyber Security Posture
uvmhealth.orgWorking together to better serve our communities makes us stronger, focused on collaboration instead of competition. As a team, The University of Vermont Health Network improves the lives of our patients by delivering outstanding care cost-effectively, as close to patients'โ homes as possible. Our hospitals and physicians are bringing the best of community and academic medicine together, sharing their knowledge and resources to give patients access to leading-edge technology, advanced treatment options and the highest level of compassionate care are the heart and science of medicine. The University of Vermont Health Network cares for communities on both sides of Lake Champlain, from the Adirondacks to the Green Mountains and beyond. Members include: The University of Vermont Medical Center, formerly known as Fletcher Allen Health Care, and affiliated with the University of Vermont Colleges of Medicine and Nursing and Health Sciences Alice Hyde Medical Center Central Vermont Medical Center Champlain Valley Physicians Hospital Elizabethtown Community Hospital Our network was created in October 2011 when Fletcher Allen in Burlington, Vermont, and Central Vermont Medical Center in Berlin, Vermont, signed an affiliation agreement. In January 2013, New York partners Champlain Valley Physicians Hospital in Plattsburgh and Elizabethtown Community Hospital in Elizabethtown joined the affiliation. In 2016, Alice Hyde Medical Center joined. The network was originally called Fletcher Allen Partners.
UVHN Company Details
the-university-of-vermont-health-network
7311 employees
6590.0
62
Hospitals and Health Care
uvmhealth.org
Scan still pending
THE_2962616
In-progress
UVHN Risk Score (AI oriented)Between 800 and 900
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
UVHN Global Score.png)
The University of Vermont Health Network Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 800 and 900 |
The University of Vermont Health Network Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| The University of Vermont Health Network | Cyber Attack | 100 | 7 | 10/2020 | THE145216222 | Link | |
Rankiteo Explanation : Attack that could injure or kill peopleDescription: The computer network system of the University of Vermont Health Network was hit by a cyberattack that affected its six hospitals. Many surgeries and appointments were rescheduled till the servers were restored, however, emergency services were given priority. | |||||||
| The University of Vermont Medical Center | Data Leak | 60 | 3 | 05/2017 | THE1159261022 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The University of Vermont Medical Center suffered from a phishing incident in May 22 after an unauthorised third party got access to an employee's email account. 2300 UVM Medical Centre patients were impacted by this occurrence. An email in the account was found to have patient information, including possible patient names, addresses, dates of birth, medical record numbers, and clinical details including diagnoses, treatments, doctors' names, and prescriptions. The email account did not contain the patients' social security numbers or financial details such as bank account or credit card numbers. They started an investigation and swiftly terminated the employee's email account. | |||||||
The University of Vermont Health Network Company Subsidiaries
Working together to better serve our communities makes us stronger, focused on collaboration instead of competition. As a team, The University of Vermont Health Network improves the lives of our patients by delivering outstanding care cost-effectively, as close to patients'โ homes as possible. Our hospitals and physicians are bringing the best of community and academic medicine together, sharing their knowledge and resources to give patients access to leading-edge technology, advanced treatment options and the highest level of compassionate care are the heart and science of medicine. The University of Vermont Health Network cares for communities on both sides of Lake Champlain, from the Adirondacks to the Green Mountains and beyond. Members include: The University of Vermont Medical Center, formerly known as Fletcher Allen Health Care, and affiliated with the University of Vermont Colleges of Medicine and Nursing and Health Sciences Alice Hyde Medical Center Central Vermont Medical Center Champlain Valley Physicians Hospital Elizabethtown Community Hospital Our network was created in October 2011 when Fletcher Allen in Burlington, Vermont, and Central Vermont Medical Center in Berlin, Vermont, signed an affiliation agreement. In January 2013, New York partners Champlain Valley Physicians Hospital in Plattsburgh and Elizabethtown Community Hospital in Elizabethtown joined the affiliation. In 2016, Alice Hyde Medical Center joined. The network was originally called Fletcher Allen Partners.
Access Data Using Our API
Get company history
Rapid.png)
UVHN Cyber Security News
University of Vermont Health Network: Appointments on schedule following network outage
The University of Vermont Health Network is planning to proceed with all patient appointments on Monday following last week's cybersecurityย ...
HIMSS25 Healthcare Cybersecurity Forum: Beyond tips and best practices
The day-long preconference symposium will offer real-world lessons on building safer and more resilient IT systems while creatingย ...
UVM Health Network services restored following cyber outage
BURLINGTON, Vt. (WCAX) - It's back to business as usual at the University of Vermont Health Network after systems were impacted by aย ...
Cyberattacks plague health care. Critics call the federal response 'inadequate'
The hack paralyzed swathes of the US health care system. Hospitals, pharmacists and even physical therapists struggled to bill for their services.
Why U.S. health care cybersecurity laws are better at protecting a corpse's privacy than patients' lives
Why is health care cybersecurity so poor, if we already have laws like HIPAA? Part of the problem, experts told STAT, is that current policiesย ...
Ransomware Attacks on Hospitals Put Patients at Risk
Ransomware hijacks computer systems and holds them hostage until the victims pay a ransom or restore the system on their own. It typicallyย ...
UVM Health Restores Electronic Health Record System One Month After Ransomware Attack
University of Vermont Health Network has announced it has brought its electronic health record (EHR) system back online, a month afterย ...
FBI is investigating cyberattack at UVM Health Network
Leffler said he didn't know whether UVM Medical Center had been hit by malware or ransomware. He couldn't say what online systems were impacted,ย ...
The growing threat of ransomware attacks on hospitals
โHospitals' systems were already fragile before the pandemic. Then the ransomware attacks became more varied, more aggressive, and with higherย ...
UVHN Similar Companies
Unilabs
We are one of Europeโรรดs leading suppliers of clinical laboratory testing and medical diagnostic imaging services to private and public healthcare providers, local governments, insurance companies, pharmaceutical companies and the general public. We operate laboratory and medical diagnostic imaging
Cardinal Health
Cardinal Health is a distributor of pharmaceuticals, a global manufacturer and distributor of medical and laboratory products, and a provider of performance and data solutions for healthcare facilities. With more than 50 years in business, operations in more than 30 countries and approximately 48,00
Health Care Service Corporation
Health Care Service Corporation serves nearly 23 million people across the United States through its portfolio of health benefit solutions. HCSC provides health coverage options for employers large and small, individuals and families, and Medicare and Medicaid plans. HCSC also offers related health
Scripps Health
Care You Can Count On Whether you are searching for your next career opportunity or looking for care for yourself or a family member, youโll find what you need at Scripps. Founded in 1924 by philanthropist Ellen Browning Scripps, Scripps is a non-profit integrated health care delivery system based
Henry Ford Health
*Job seekers: please be aware of fraudulent job postings and phishing scams via LinkedIn. Henry Ford Health only contacts applicants through our human resources department and via a corporate email address. Here are some tips to be aware of: http://ow.ly/Kc0o50EKory Serving communities across Mich
RWJBarnabas Health
RWJBarnabas Health (RWJBH) is the largest, most comprehensive academic health care system in N.J., with a service area covering eight counties with five million people. Our health system includes 12 acute care hospitals (Clara Maass Medical Center; Community Medical Center; Cooperman Barnabas Medica
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UVHN CyberSecurity History Information
How many cyber incidents has UVHN faced?
Total Incidents: According to Rankiteo, UVHN has faced 2 incidents in the past.
What types of cybersecurity incidents have occurred at UVHN?
Incident Types: The types of cybersecurity incidents that have occurred incidents Cyber Attack and Data Leak.
How does UVHN detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through containment measures with Terminated the employee's email account.
Incident Details
Can you provide details on each incident?
Incident : Phishing
Title: Phishing Incident at University of Vermont Medical Center
Description: The University of Vermont Medical Center suffered from a phishing incident in May 22 after an unauthorised third party got access to an employee's email account.
Date Detected: 2023-05-22
Type: Phishing
Attack Vector: Email
Vulnerability Exploited: Human error leading to unauthorized access
Threat Actor: Unauthorized third party
Incident : Cyberattack
Title: Cyberattack on University of Vermont Health Network
Description: The computer network system of the University of Vermont Health Network was hit by a cyberattack that affected its six hospitals. Many surgeries and appointments were rescheduled till the servers were restored, however, emergency services were given priority.
Type: Cyberattack
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing email.
Impact of the Incidents
What was the impact of each incident?
Incident : Phishing THE1159261022
Data Compromised: Patient names, Addresses, Dates of birth, Medical record numbers, Clinical details including diagnoses, treatments, doctors' names, and prescriptions
Systems Affected: Email account
Incident : Cyberattack THE145216222
Systems Affected: Six hospitals
Operational Impact: Many surgeries and appointments were rescheduled
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient names, Addresses, Dates of birth, Medical record numbers, Clinical details including diagnoses, treatments, doctors' names and and prescriptions.
Which entities were affected by each incident?
Incident : Phishing THE1159261022
Entity Type: Healthcare
Industry: Healthcare
Location: Vermont
Customers Affected: 2300 patients
Response to the Incidents
What measures were taken in response to each incident?
Incident : Phishing THE1159261022
Containment Measures: Terminated the employee's email account
Data Breach Information
What type of data was compromised in each breach?
Incident : Phishing THE1159261022
Type of Data Compromised: Patient names, Addresses, Dates of birth, Medical record numbers, Clinical details including diagnoses, treatments, doctors' names, and prescriptions
Number of Records Exposed: 2300
Sensitivity of Data: High
Personally Identifiable Information: Names, Addresses, Dates of birth, Medical record numbers
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through was Terminated the employee's email account.
Investigation Status
What is the current status of the investigation for each incident?
Incident : Phishing THE1159261022
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Phishing THE1159261022
Entry Point: Phishing email
High Value Targets: Patient data
Data Sold on Dark Web: Patient data
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Phishing THE1159261022
Root Causes: Phishing attack leading to unauthorized access
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was an Unauthorized third party.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2023-05-22.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Patient names, Addresses, Dates of birth, Medical record numbers, Clinical details including diagnoses, treatments, doctors' names and and prescriptions.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Email account and Six hospitals.
Response to the Incidents
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Terminated the employee's email account.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Patient names, Addresses, Dates of birth, Medical record numbers, Clinical details including diagnoses, treatments, doctors' names and and prescriptions.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 230.0.
Investigation Status
What is the current status of the most recent investigation?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Phishing email.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
