Universal Health Services, a Fortune-500 company, operates 400 facilities across the United States, Puerto Rico, and the United Kingdom. Earlier this week, ransomware struck the company's computer systems within the United States. The attack resulted in canceled surgeries and ambulances being diverted away from UHS facilities.
According to UHS, the cyberattack occurred early Sunday morning. Upon detection, all systems were disconnected, and UHS shut down the network completely. As a result, employees lost access to systems used for medical records, laboratories, and pharmacies.
Reports from employees were posted across the internet over the last several days. One person stated, “Everyone was told to turn off all the computers and not to turn them on again. We were told it will be days before the computers are up again.”
One emergency room technician said that their entire hospital had moved to a paper system.
“We are using paper for everything. All computers are completely shut down. Paper is workable, there is just a lot more documentation to be done so things don’t get lost—orders, meds, etc. Patient care is about the same still in the ER, since we are where the patient enters the hospital and the visit gets started. There is concern for patients who were already on the floors when this happened, but everyone is stepping up their game big time.”
UHS released a statement that simply said, “The IT Network across Universal Health Services (UHS) facilities is currently offline, as the company works through a security incident caused by malware… We have no indication at this time that any patient or employee data has been accessed, copied or misused. The company’s UK operations have not been impacted.”
Ryuk Strikes Again?
UHS declined to reveal what kind of malware was involved, but employees have provided information pointing to Ryuk. The .RYK extension began appearing on encrypted files. Reports say other indicators, like ransom notes, also point to Ryuk.
Ransomware attacks have escalated for several years. Hospitals and healthcare providers are favorable targets for cyberattackers. Potential risks to patient safety provide a powerful motivator for paying any ransom demands.
Prevention and Preparation
5 days later, Universal Health Services is still working to recover from this attack. Their systems remain offline. Every effort should be made to prevent ransomware, but one simple mistake can leave the door wide open.
Does your MSP monitor for attacks 24/7? What remediation plan is in place? How quickly would your organization be up and running after an attack? If you don’t know or aren’t happy with the answers to those questions, request a consultation from Pit Crew IT. We can help you get a pulse on your network security situation and keep it running.