Kentucky’s largest university system rebooted its computer networks Sunday after a month-long cyberattack that officials say was the worst in university history.
According to officials, the three-hour campus-wide network outage at the University of Kentucky (UK) and UK Healthcare was successful at “mitigating the existing cyber threat,” reports Lexington Herald-Leader.
Eric Monday, UK executive vice president for finance and administration, said unidentified threat actors from outside the U.S. infiltrated the system back in February and installed malware that used UK’s “vast processing capabilities” to mine cryptocurrency.
Cryptocurrency mining is a process in which transactions between users are verified and added into the blockchain — a public list of all transactions. The primary purpose is to set the history of transactions in a way that is computationally impractical to modify by any one entity.
Monday said UK’s system is pinged daily by attackers trying to penetrate the system but most fail. The hackers from this cyberattack entered through a university server outside UK Healthcare.
The attack caused computer systems used by students and employees to slow down or temporarily fail. Disruptions were mainly seen at UK Healthcare, which operates UK Albert B. Chandler Hospital and Good Samaritan Hospital. Both hospitals serve two million patients.
University spokesman Jay Blanton said an investigation into the attack found no evidence that patient or student data were compromised. Patient safety and access to care were never comprised but day-to-day functions were likely interrupted, he added.
University of Louisville Associate Professor of Computer Science and Engineering Dr. Adrian Lauf told Lexington Herald-Leader the return for mining cryptocurrency is nowhere near the value of patient health information, which is why he is “surprised that, given the value of public health information, it was not taken.”
“It’s like breaking into a bank to go steal something from the vending machine,” he said.
As a result of the attack, the university hired an independent computer forensic firm to help improve cybersecurity, according to Info Security magazine. The firm installed CrowdStrike security software to prevent future threats.
It is estimated the school spent more than $1.5 million to eject the malware from its network and improve cybersecurity.