The University of Vermont Medical Center Company Cyber Security Posture
uvmhealth.orgThe University of Vermont Medical Center is part of a six-hospital network serving patients and their families in Vermont and northern New York. We're not just caregivers and staff - we're your friends and neighbors, offering expertise, kind words and compassionate care when and where you need them. We are dedicated to providing you with the best medical care possible. The University of Vermont Medical Center, along with the Robert Larner M.D. College of Medicine The University of Vermont and College of Nursing and Health Sciences, is one of 138 academic medical centers in the country. Through The University of Vermont Health Network and collaborative relationships throughout Vermont and northern New York, we are able to provide the highest quality care, informed by academic research, to patients throughout our region. The UVM Medical Center, along with its three founding organizations, The University of Vermont College of Medicine and College of Nursing and Health Sciences, share a rich history dating back to the 1800s. The UVM Medical Center is committed to the development of an Integrated Delivery System which provides high value health care to the communities we serve and enhances our academic mission. Our mission is to improve the health of the people in the communities we serve by integrating patient care, education, and research in a caring environment.
UVMC Company Details
university-of-vermont-medical-center
4531 employees
23266.0
62
Hospitals and Health Care
uvmhealth.org
Scan still pending
THE_3246033
In-progress
UVMC Risk Score (AI oriented)Between 800 and 900
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
UVMC Global Score.png)
The University of Vermont Medical Center Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 800 and 900 |
The University of Vermont Medical Center Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| The University of Vermont Health Network | Cyber Attack | 100 | 7 | 10/2020 | THE145216222 | Link | |
Rankiteo Explanation : Attack that could injure or kill peopleDescription: The computer network system of the University of Vermont Health Network was hit by a cyberattack that affected its six hospitals. Many surgeries and appointments were rescheduled till the servers were restored, however, emergency services were given priority. | |||||||
| The University of Vermont Medical Center | Data Leak | 60 | 3 | 05/2017 | THE1159261022 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The University of Vermont Medical Center suffered from a phishing incident in May 22 after an unauthorised third party got access to an employee's email account. 2300 UVM Medical Centre patients were impacted by this occurrence. An email in the account was found to have patient information, including possible patient names, addresses, dates of birth, medical record numbers, and clinical details including diagnoses, treatments, doctors' names, and prescriptions. The email account did not contain the patients' social security numbers or financial details such as bank account or credit card numbers. They started an investigation and swiftly terminated the employee's email account. | |||||||
The University of Vermont Medical Center Company Subsidiaries
The University of Vermont Medical Center is part of a six-hospital network serving patients and their families in Vermont and northern New York. We're not just caregivers and staff - we're your friends and neighbors, offering expertise, kind words and compassionate care when and where you need them. We are dedicated to providing you with the best medical care possible. The University of Vermont Medical Center, along with the Robert Larner M.D. College of Medicine The University of Vermont and College of Nursing and Health Sciences, is one of 138 academic medical centers in the country. Through The University of Vermont Health Network and collaborative relationships throughout Vermont and northern New York, we are able to provide the highest quality care, informed by academic research, to patients throughout our region. The UVM Medical Center, along with its three founding organizations, The University of Vermont College of Medicine and College of Nursing and Health Sciences, share a rich history dating back to the 1800s. The UVM Medical Center is committed to the development of an Integrated Delivery System which provides high value health care to the communities we serve and enhances our academic mission. Our mission is to improve the health of the people in the communities we serve by integrating patient care, education, and research in a caring environment.
Access Data Using Our API
Get company history
Rapid.png)
UVMC Cyber Security News
University of Vermont Health Network: Appointments on schedule following network outage
The University of Vermont Health Network is planning to proceed with all patient appointments on Monday following last week's cybersecurityย ...
UVM Medical Center president speaks to Congress about 2020 cyberattack
UVM Medical Center President Dr. Stephen Leffler testified about the experience on Capitol Hill last week in front of a House of Representatives subcommittee.
Why U.S. health care cybersecurity laws are better at protecting a corpse's privacy than patients' lives
Why is health care cybersecurity so poor, if we already have laws like HIPAA? Part of the problem, experts told STAT, is that current policiesย ...
Ukrainian man pleads guilty to cybercrime schemes including UVM Medical Center hack
WASHINGTON (WCAX) - A Ukrainian man pleaded guilty on Thursday for his role in cybercrime schemes across the country, including here inย ...
Malware on employeeโs company computer led to cyber attack on UVM Medical Center
When the email was opened, cybercriminals deposited malware โ software intended to cause harm to computer systems โ onto the laptop. A few daysย ...
Ransomware Attacks on Hospitals Put Patients at Risk
Ransomware hijacks computer systems and holds them hostage until the victims pay a ransom or restore the system on their own. It typicallyย ...
Patients of a Vermont Hospital Are Left โin the Darkโ After a Cyberattack (Published 2020)
A wave of damaging attacks on hospitals upended the lives of patients with cancer and other ailments. โI have no idea what to do,โ one said.
Ukrainian national pleads guilty in Vermont hospital ransomware attack
A Ukrainian national pleaded guilty last week for his role in two cybercrime schemes, including a ransomware attack against a Vermont hospitalย ...
University of Vermont Medical Center works to restore systems after cyberattack
During the week of October 25, 2020, the UVM Health Network experienced a confirmed cyberattack affecting some systems.
UVMC Similar Companies
International SOS
The International SOS Group of Companies has been in the business of saving lives for over 40 years. Protecting global workforces from health and security threats, we deliver customised health, security risk management and wellbeing solutions to fuel our clientsโ growth and productivity. In the even
MultiCare Health System
MultiCareโs roots in the Pacific Northwest go back to 1882, with the founding of Tacomaโs first hospital. Over the years, weโve grown from a Tacoma-centric, hospital-based organization into the largest, community-based, locally governed health system in the state of Washington. Today, our comprehe
University of Miami Health System
UHealth โ University of Miami Health System delivers leading-edge patient care by top-ranked physicians who treat some of the most complex cases. Powered by the Miller School of Medicineโs ground-breaking research and medical education, UHealth is the regionโs only academic-based health care system.
Region Skรฅne
Region Skรฅne, or Skรฅne Regional Council, is the self-governing authority of Skรฅne, the southernmost county of Sweden. Region Skรฅne has its head office in the city of Kristianstad and has work places in every municipality in Skรฅne. Region Skรฅne is responsible for healthcare and medical services, t
Prince Albert Parkland Health Region
The Prince Albert Parkland Health Region ceased operations on December 4, 2017 when it became part of the Saskatchewan Health Authority (SHA). The Saskatchewan Health Authority is the largest organization in Saskatchewan, employing over 44,000 employees and physicians responsible for the delivery
VCU Health
We are a strong, passionate team of more than 12,500 who take pride in caring for every person who comes through our doors. We lift each other up so we can provide the very best and safest care to those who need us most. Together. Every day. With the support of our university, we make up an acade
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UVMC CyberSecurity History Information
How many cyber incidents has UVMC faced?
Total Incidents: According to Rankiteo, UVMC has faced 2 incidents in the past.
What types of cybersecurity incidents have occurred at UVMC?
Incident Types: The types of cybersecurity incidents that have occurred incidents Cyber Attack and Data Leak.
How does UVMC detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through containment measures with Terminated the employee's email account.
Incident Details
Can you provide details on each incident?
Incident : Phishing
Title: Phishing Incident at University of Vermont Medical Center
Description: The University of Vermont Medical Center suffered from a phishing incident in May 22 after an unauthorised third party got access to an employee's email account.
Date Detected: 2023-05-22
Type: Phishing
Attack Vector: Email
Vulnerability Exploited: Human error leading to unauthorized access
Threat Actor: Unauthorized third party
Incident : Cyberattack
Title: Cyberattack on University of Vermont Health Network
Description: The computer network system of the University of Vermont Health Network was hit by a cyberattack that affected its six hospitals. Many surgeries and appointments were rescheduled till the servers were restored, however, emergency services were given priority.
Type: Cyberattack
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing email.
Impact of the Incidents
What was the impact of each incident?
Incident : Phishing THE1159261022
Data Compromised: Patient names, Addresses, Dates of birth, Medical record numbers, Clinical details including diagnoses, treatments, doctors' names, and prescriptions
Systems Affected: Email account
Incident : Cyberattack THE145216222
Systems Affected: Six hospitals
Operational Impact: Many surgeries and appointments were rescheduled
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient names, Addresses, Dates of birth, Medical record numbers, Clinical details including diagnoses, treatments, doctors' names and and prescriptions.
Which entities were affected by each incident?
Incident : Phishing THE1159261022
Entity Type: Healthcare
Industry: Healthcare
Location: Vermont
Customers Affected: 2300 patients
Response to the Incidents
What measures were taken in response to each incident?
Incident : Phishing THE1159261022
Containment Measures: Terminated the employee's email account
Data Breach Information
What type of data was compromised in each breach?
Incident : Phishing THE1159261022
Type of Data Compromised: Patient names, Addresses, Dates of birth, Medical record numbers, Clinical details including diagnoses, treatments, doctors' names, and prescriptions
Number of Records Exposed: 2300
Sensitivity of Data: High
Personally Identifiable Information: Names, Addresses, Dates of birth, Medical record numbers
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through was Terminated the employee's email account.
Investigation Status
What is the current status of the investigation for each incident?
Incident : Phishing THE1159261022
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Phishing THE1159261022
Entry Point: Phishing email
High Value Targets: Patient data
Data Sold on Dark Web: Patient data
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Phishing THE1159261022
Root Causes: Phishing attack leading to unauthorized access
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was an Unauthorized third party.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2023-05-22.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Patient names, Addresses, Dates of birth, Medical record numbers, Clinical details including diagnoses, treatments, doctors' names and and prescriptions.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Email account and Six hospitals.
Response to the Incidents
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Terminated the employee's email account.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Patient names, Addresses, Dates of birth, Medical record numbers, Clinical details including diagnoses, treatments, doctors' names and and prescriptions.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 230.0.
Investigation Status
What is the current status of the most recent investigation?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Phishing email.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
