UHS confirms Sunday ransomware attack, some 250 hospitals still affected

UHS has confirmed multiple reports that a cyberattack early Sunday morning forced the shutdown of IT operations at its facilities in the United States last weekend, including more than 250 hospitals. Operations in the UK were unaffected.

UHS is currently working to get its computer systems up and running. The health system said the recovery was “in constant progress”, but that it is complicated by the large number of management systems at the enterprise level. Information systems, including the EHR, have not been directly affected by the malware, but are not yet operational. Providers therefore continue to use backup protocols such as paper documentation.

UHS does not yet have evidence that patient data has been accessed or stolen.

• The for-profit chain Universal Health Services, which operates around 400 hospitals in the US and UK and serves millions of patients each year, shut down its computer networks over the weekend after receiving reports of “a massive ransomware attack.”

• The attack occurred early Sunday morning and locked computers and phone systems at UHS facilities in several states, including COVID-19 hotspots in California and Florida, according to various media reports. According to UHS, patient care was not interrupted as staff turned to backup record-keeping, including paper documentation. TechCrunch reported, however, that patients are being turned away and emergencies are being diverted to other facilities. Employees were told that IT systems would take a few days to get back up and running.

• This is the latest in a series of ransomware attacks in the healthcare industry. Hospitals may be more motivated than other organizations to pay hackers quickly so they can restore and run their computer systems, and ransomware can be used as a distraction while hackers try to steal patient data to sell on the dark web. In a brief statement Tuesday morning, UHS said there was “no evidence” that patient or employee data was accessed or misused, but it did not respond to a request for more detailed information.

Ransomware is malicious software that insidiously spreads through a computer system, blocks access, and demands payment for a key to decrypt the data. It is a common hacking strategy, but it is rarely used in medical circles, especially on this scale. Indeed, in March, several prolific cybercrime groups pledged not to target health organizations during the COVID-19 pandemic.

The extent of the attack on Pennsylvania-based UHS is still unclear. However, according to cybersecurity experts, the consequences could be severe, because the attack could prevent UHS hospitals from accessing or searching medical records or critical information such as lab or radiology reports while their computer systems are down. This slows operations down significantly and could have a real impact on patient care.

Justin Heard, chief security officer for intelligence and analytics at Nuspire, said via email: “Ransomware users may see UHS as a quick way to get funding given the need for performance and speed, and the associated financial loss could be more than just the ransom.”

Cyberattacks usually have a devastating financial impact on their victims, but when they target healthcare providers, they can affect people’s lives as well. Earlier this month, a woman died after a ransomware attack in Germany that forced her to be transferred to another hospital 20 miles away.

A Reddit thread about the incident that began Monday highlighted computer problems at UHS facilities in Florida, California, Arizona, Texas, and North Carolina. Many commenters, whose identities are unconfirmed, claimed to be UHS staff and reported extreme situations at their facilities after the attack.

“It was an epic cluster that worked the old-fashioned way last night with anything on paper forms for downtime. It’s indeed about sending patients (so-called EMS bypass), but our lab works with landlines,” wrote a user who said he worked in facilities in the southeastern United States. “We don’t have access to anything on the computers, including old labs, EKGs, or radiological studies. We don’t have access to our PACS radiology system.”

TechCrunch, other news outlets, and the Reddit thread all included reports from anonymous staff describing features similar to those of attacks involving the Ryuk ransomware strain, which are led by the Russia-backed hacking group Wizard Spider.

Wizard Spider’s ransom demands vary widely. According to the security company CrowdStrike, the observed ransom amounts range from 1.7 Bitcoins (approx. 18,000 USD at current market value) to 99 Bitcoins (approx. 1.1 million USD).