‘Universal Health Services’ (UHS) Hit by Ransomware, IT Systems Down

‘Universal Health Services’ (UHS) Was Hit by Ransomware and IT Systems Are Down

By Bill Toulas / September 29, 2020

The Ryuk gang has hit UHS, and many of its hospitals and clinics returned to “pen and paper.”
Employees reporting on social media that the attack was immediately catastrophic, but there are no risks for existing patients.
UHS says the attack hasn’t compromised any patient or employee data, as nothing has been accessed.

‘Universal Health Services’ (UHS) has been hit by Ryuk ransomware actors, who are apparently continuing independently from Conti following a short period of inactivity. As it happens, UHS is a Fortune 500 healthcare service provider with annual revenues of more than $11 billion, roughly 90,000 employees, and a large number of hospitals (more than 400) in both the United States and the UK.

UHS owns subsidiaries like Alpha Hospital Group, Ascend Health Corporation, Cygnet Health Care, Foundations Recovery Network, Palo Verde Behavioral Health, Psychiatric Institute of Washington, Psychiatric Solutions, Inc.

All in all, this is a big entity in the field, and a ransomware attack against them is affecting a large number of people who are in need of medical services. According to the official UHS statement, the IT network across all of their facilities remains down following a security incident that took place during the weekend, but patient care continues to be delivered.

The personnel has reverted to using back-up processes like offline documentation systems, while the IT teams are working feverishly to restore network operations. Allegedly, no patient or employee data has been accessed or exfiltrated by hackers.

ZDNet attempted to confirm the operational status of various UHS hospitals and found that some of them were indeed down, whereas others reported having no network problems at all. A Reddit thread where users claim to work for UHS has been giving away details about the event since yesterday.

According to these posts, which we have no way to confirm, everything has gone to “paper” and manual logging, but no actual impact like patient deaths has been recorded yet. However, a process of EMS diversion has been put in place, so this will inevitably affect incoming urgent cases. Reportedly, the ransomware disabled AV tools on the Win10 boxes upon hitting them, and employees aren’t allowed to power up anything yet.

Daniel Normal, the senior solutions analyst at ISF, has provided us with the following comment on this security incidence:

Over the coming years, these security threats will continue to accelerate around the world over as far more invasive and automated technology makes its way into the operating room and, in some cases, the human body. Attackers will once again turn their attention to disrupting the health service by targeting poorly secured devices and systems, which will now start to have severe ramifications for human life.
Healthcare services have an outdated approach to security awareness, education, and training. Basic cyber hygiene standards need to be met, covering patching and updates, network segmentation, network monitoring, and hardening, especially for technologies such as AI, robotics, and IoT devices. This is an exciting time for the healthcare industry, but it is also dangerous.

This website uses cookies to ensure you get the best experience on our website.

‘Universal Health Services’ (UHS) Was Hit by Ransomware and IT Systems Are Down

U.S. Hospitals Are Under Constant Attack by the ‘Ryuk’ Ransomware Group

Düsseldorf University Clinic Hit by Ransomware and Patient Dies

The City of New Orleans was Targeted by Ryuk Ransomware Actors

The Ryuk Ransomware Gang Crippled Spain's Public Payments Agency

Study Correlates Healthcare Ransomware Attacks with a Rise in Fatal Heart Attacks

Cyber-Attacks Against the Healthcare Sector Back on the Rise