University of Kentucky Reboots Computer Network After Month-Long Cyberattack

Article

A month-long attack on the computer networks at Kentucky’s largest university system prompted officials to conduct a major reboot of the networks Sunday, officials said.

Officials believe the prolonged cyberattack was resolved by a campus-wide network outage at the University of Kentucky and UK HealthCare, university executive vice president for finance and administration Eric Monday told the Lexington Herald-Leader.

The attack started in early February from outside of the United States, Monday said.

University spokesman Jay Blanton said the attack from unidentified sources has caused computer systems used by students and employees to slow down or temporarily fail.

Blanton said patient safety and access to care “was never compromised” and there is no evidence personal information or other sensitive data was accessed or downloaded.

UK HealthCare has nearly 2 million registered patients.

The attack did not involve a demand for ransom by cyberattackers. Ransomware is malicious software that encrypts a system, effectively locking out its users. The attackers promise to decrypt the information with a decryption key if they are paid.

However, Blanton said investigation efforts, including beefing up the network’s security software, has cost up to $1.5 million.

University of Kentucky President Eli Capilouto said in an email Sunday to students, faculty and staff that limiting the release of information about the network outage was necessary until it was clear that the system reboot was finished.

The university and its cybersecurity partners are “confident in our response,” Capilouto said.

“As always, the security of our community will remain our top priority.”