UHS confirms hospitals hit by cyberattack, some systems down

Universal Health Services confirmed Monday that some of its hospitals are dealing with an ongoing, unspecified cyberattack.

“We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible,” the company said in a public statement. “In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.”

Reports began circulating online early Monday morning that at least some UHS systems had been hit by a cyberattack, possibly Ryuk ransomware. UHS’ statement does not confirm that last aspect, but the reference to restoring IT operations from backups provides indication of a possible ransomware attack. Several threat intelligence analysts have lent credence to those claims, saying they have observed phishing-related attacks tied to Ryuk ransomware in recent weeks.

It’s not yet clear how many hospitals or systems have been affected or pushed offline, but the company lists hundreds of hospitals, physician networks, ambulatory surgery centers and emergency care facilities across the United States and United Kingdom on its website. While rumors and speculation abound online, it’s also not clear what sort of impact the attack has had on hospital operations and UHS patients across the country.

In its statement, UHS claims that it does not appear patient or employee data was accessed, copied or compromised by attackers at this point, though many cybersecurity experts warn that it can be difficult to definitely establish that in the immediate hours following an attack.

If confirmed, it would represent one of the nightmare scenarios laid out by many cybersecurity experts: that of a widespread ransomware attack hitting critical infrastructure – particularly the health care sector – during a global pandemic. In March, at the outset of the COVID-19 pandemic, a number of ransomware groups came forward with public statements promising not to go after hospitals who were scrambling to serve a huge influx of patients, while also dealing with a severe shortage of personal protective equipment.

 However, some questioned how sincerely to take those promises, and law enforcement organizations like INTERPOL issued warnings to the public in April that they were detecting “significant increase in attempted ransomware attacks against healthcare facilities and other critical infrastructure.
Hear Todd Fitzgerald, executive in residence for the Cybersecurity Collaborative, discuss the state of play for health care security leaders with Erik Decker, chief information security officer for the University of Chicago Medicine, and Errol Weiss, CSO for the Health Information Sharing and Analysis Center.

The attacks come shortly after the German government announced it is investigating what could be one of the first-ever confirmed "negligent homicides" resulting from a cyber attack, after a patient died at a Dusseldorf hospital following a ransomware attack.

“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths,” said INTERPOL Secretary General Jürgen Stock in April. “INTERPOL continues to stand by its member countries and provide any assistance necessary to ensure our vital health care systems remain untouched and the criminals targeting them held accountable.”

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.