Universal Health Services confirmed Monday that some of its hospitals are dealing with an ongoing, unspecified cyberattack.
“We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible,” the company said in a public statement. “In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.”
Reports began circulating online early Monday morning that at least some UHS systems had been hit by a cyberattack, possibly Ryuk ransomware. UHS’ statement does not confirm that last aspect, but the reference to restoring IT operations from backups provides indication of a possible ransomware attack. Several threat intelligence analysts have lent credence to those claims, saying they have observed phishing-related attacks tied to Ryuk ransomware in recent weeks.
It’s not yet clear how many hospitals or systems have been affected or pushed offline, but the company lists hundreds of hospitals, physician networks, ambulatory surgery centers and emergency care facilities across the United States and United Kingdom on its website. While rumors and speculation abound online, it’s also not clear what sort of impact the attack has had on hospital operations and UHS patients across the country.
In its statement, UHS claims that it does not appear patient or employee data was accessed, copied or compromised by attackers at this point, though many cybersecurity experts warn that it can be difficult to definitely establish that in the immediate hours following an attack.
If confirmed, it would represent one of the nightmare scenarios laid out by many cybersecurity experts: that of a widespread ransomware attack hitting critical infrastructure – particularly the health care sector – during a global pandemic. In March, at the outset of the COVID-19 pandemic, a number of ransomware groups came forward with public statements promising not to go after hospitals who were scrambling to serve a huge influx of patients, while also dealing with a severe shortage of personal protective equipment.
However, some questioned how sincerely to take those promises, and law enforcement organizations like INTERPOL issued warnings to the public in April that they were detecting “significant increase in attempted ransomware attacks against healthcare facilities and other critical infrastructure.
The attacks come shortly after the German government announced it is investigating what could be one of the first-ever confirmed "negligent homicides" resulting from a cyber attack, after a patient died at a Dusseldorf hospital following a ransomware attack.
“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths,” said INTERPOL Secretary General Jürgen Stock in April. “INTERPOL continues to stand by its member countries and provide any assistance necessary to ensure our vital health care systems remain untouched and the criminals targeting them held accountable.”