Pennsylvania-based Universal Health Services Experiences Massive Ransomware Attack

Sept. 28, 2020
The King of Prussia, Pa.-based Universal Health Services hospital system on Monday confirmed that its 400 facilities had been hit with a massive ransomware-based shutdown over the weekend

The King of Prussia, Pa.-based Universal Health Services, a hospital system with “more than 400 acute-care hospitals, behavioral health facilities and ambulatory centers across the U.S., Puerto Rico, and the U.K.,” according to its website, was hit with a severe ransomware attack over the weekend, shutting down core information systems at its facilities nationwide on Sunday, Sep. 27.

Zack Whittaker at TechCrunch wrote this on Monday, Sep. 28: “Universal Health Services, one of the largest healthcare providers in the U.S., has been hit by a ransomware attack. The attack hit UHS systems early on Sunday morning, according to two people with direct knowledge of the incident, locking computers and phone systems at several UHS facilities across the country, including in California and Florida. One of the people said the computer screens changed with text that referenced the ‘shadow universe,’ consistent with the Ryuk ransomware. ‘Everyone was told to turn off all the computers and not to turn them on again,’ the person said. ‘We were told it will be days before the computers are up again.’” Whittaker added that “It’s not immediately known what impact the ransomware attack is having on patient care, or how widespread the issue is.”

At 10:45 AM eastern time on Monday, UHS released the following statement: “The IT Network across Universal Health Services (UHS) facilities is currently offline, due to an IT security issue. We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively. No patient or employee data appears to have been accessed, copied or misused.”

Meanwhile, NBC News’s Kevin Collier posted an article about the situation at 1:07 PM eastern time. Collier wrote that “A major hospital chain has been hit by what appears to be one of the largest medical cyberattacks in United States history. Computer systems for Universal Health Services, which has more than 400 locations, primarily in the U.S., began to fail over the weekend, and some hospitals have had to resort to filing patient information with pen and paper, according to multiple people familiar with the situation.”

With regard to the intensity and scope of the attack, Catalin Cimpanu wrote in a ZDNet report published online 11:19 AM eastern time that “UHS hospitals have been operating without internal IT systems since Sunday morning, according to employees and patients who took to social media today. Some patients have been turned away and emergencies have been redirected to other hospitals after UHS facilities were unable to carry out lab work. According to UHS employees,” Cimpanu wrote, “the ransomware attack took place on the night between Saturday and Sunday, September 26 to 27, at around 2:00 am CT. Employees said computers rebooted and then showed a ransom note on the screen. Computers were then shut down, and IT staff asked hospital personnel to keep systems offline.”

Saryu Naayar, CEO of the El Segundo, Calif.-based cybersecurity solutions provider Gurucul, said in a statement that “The suspected ransomware attack against Universal Health Services is just another example of a high-profile cybercrime incident.  While few details are available yet, the attack matches a pattern where criminals target high value organizations with little risk of prosecution. Worse, for every high-profile example like this, there are many more that are never reported in the press or, in fact, revealed at all.” And, she added, “We have tools, such as behavioral analytics, that can identify an attack and mitigate it early in the cycle.  But organizations still need to do better at protecting their assets, and governments across the world need to do more to prosecute and deter these cybercriminals.”

Sponsored Recommendations

Care Access Made Easy: A Guide to Digital Self Service

Embracing digital transformation in healthcare is crucial, and there is no one-size-fits-all strategy. Consider adopting a crawl, walk, run approach to digital projects, enabling...

Powering a Digital Front Door with a Comprehensive Provider Directory

Learn how Geisinger improved provider data accuracy, SEO, and patient acquisition with a comprehensive provider directory.

Data-driven, physician-focused approach to CDI improvement

Organizational profile Sisters of Charity of Leavenworth (SCL) Health* has been providing care since it originated in the 1600s in France as the Daughters of Charity. These religious...

Luminis Health improved quality and financial outcomes with advanced CDI technology and consulting from 3M

In the beginning, there were challengesBefore partnering with 3M Health Information Systems (HIS), Luminis Health’s clinical documentation integrity (CDI) program faced ...