Computers at facilities of Universal Health Services, which has more than 400 locations, primarily in the U.S., began to shut down over the weekend in what is described as one of the largest medical cyberattacks ever.
Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History
A major hospital chain has been hit by what appears to be one of the largest medical cyberattacks in United States history. Computer systems for Universal Health Services, which has more than 400 locations, primarily in the U.S., began to fail over the weekend, and some hospitals have had to resort to filing patient information with pen and paper, according to multiple people familiar with the situation. (Collier, 9/28)
A Ransomware Attack Has Struck A Major US Hospital Chain
An emergency room technician at one UHS-owned facility tells WIRED that their hospital has moved to all-paper systems as a result of the attack. Bleeping Computer, which first reported the news, spoke to UHS employees who said the ransomware has the hallmarks of Ryuk, which first appeared in 2018 and is widely linked to Russian cybercriminals. Ryuk is typically used in so-called “big-game hunting” attacks in which hackers attempt to extort large ransoms from corporate victims. UHS says it has 90,000 employees and treats about 3.5 million patients each year, making it one of the US’ largest hospital and health care networks. (Newman, 9/28)
Health Care Provider United Health Services Hit With Cyberattack
The King of Prussia, Pennsylvania-headquartered health care giant’s operations include 26 acute care hospitals, 328 behavioral health facilities and 42 outpatient facilities across the U.S., Puerto Rico and the U.K. No data belonging to patients or employees “appears to have been accessed, copied or misused,” the company said in its statement. “We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.” (Snider, 9/28)
UHS Hit With Massive Cyber Attack As Hospitals Reportedly Divert Surgeries, Ambulances
UHS hospitals in the U.S. including those from California, Florida, Texas, Arizona, and Washington D.C. are reportedly left without access to computer and phone systems. Affected hospitals are redirecting ambulances and relocating patients in need of surgery to other nearby hospitals, according to media reports. UHS has more than 90,000 employees and provides healthcare services to approximately 3.5 million patients each year. (Landi, 9/28)
The Wall Street Journal:
Ransomware Attack Hits Universal Health Services
Under HIPAA, a malware attack that exposes patients’ personal health information could require hospitals to publicly disclose the breach, said Mark Barnes, a partner at the law firm Ropes & Gray LLP. Hospitals also face fines for privacy and security violations under the law. Ransomware attacks are a potential HIPAA violation, under guidance issued by federal health officials, Mr. Barnes said. (McMillan and Evans, 9/28)
This is part of the KHN Morning Briefing, a summary of health policy coverage from major news organizations.