Table of Contents
Computer systems for Universal Health Services, which runs approximately 400 hospitals and care centers across the United States and the United Kingdom, began to crash over the weekend, and, according to NBC News, the breach appears to be a ransomware attack, making it possibly one of the largest medical cyberattacks in U.S. history.
Universal Health Services confirmed Monday that its network had been knocked offline due to an unspecified “IT security issue.”
NBC News reported Monday afternoon that “one person familiar with the company’s response efforts who was not authorized to speak to the press said that the attack ‘looks and smells like ransomware.'”
Ransomware is a form of malicious software that locks files, devices or information by encryption and then issues a ransom demand to the victim to decrypt them.
According to the company’s website, Universal Health Services served 3.5 million patients in 2019 and employs 90,000 people globally, primarily in the U.S.
Some UHS hospitals have been forced to resort to filing patient information with pen and paper on Monday, according to NBC News sources.
“Our facilities are using their established back-up processes including offline documentation methods,” UHS said in a statement, adding that “no patient or employee data appears to have been accessed, copied or misused.”
“When nurses and physicians can’t access labs, radiology or cardiology reports, that can dramatically slow down treatment, and in extreme cases, force re-routing for critical care to other treatment centers,” Kenneth White, a computer security engineer with more than a decade of experience working with hospital networks, told NBC News. “When these systems go down, there is the very real possibility that people can die.”
In early April, near the start of the coronavirus pandemic, INTERPOL warned it had detected a significant increase in ransomware attacks against hospitals and medical services engaged in the virus response. The following month, Fresenius, Europe’s largest private hospital operator, was hit with a ransomware attack on its technology systems. Hackers reportedly utilized the Snake ransomware to attack Fresenius, which employs nearly 300,000 people across more than 100 countries. “As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” said INTERPOL Secretary General Jürgen Stock.
Alan B. Miller, the founder and chairman of Universal Health Services, announced earlier this month that he will step down as the company’s chief executive officer in January 2021 after more than four decades at the company.
Major hospital system hit with cyberattack, potentially largest in U.S. history (NBC News)
Universal Health Services CEO To Step Down After Four Decades At Hospital Operator (Forbes)
Full coverage and live updates on the Coronavirus