Skip to main content
close search
site logo
Dive Brief

UHS hit with ransomware attack, working to restore IT operations

Published Sept. 29, 2020
Rebecca Pifer's headshot
Senior Reporter
UHS

UHS

First published on

Healthcare Dive

Dive Brief:

  • For-profit chain Universal Health Services, which runs about 400 hospitals in the U.S. and U.K. and serves millions of patients each year, has shut down its IT networks following reports of a massive ransomware attack over the weekend.
  • The attack hit early Sunday morning, locking computers and phone systems at UHS facilities in several states, including COVID-19 hotspots California and Florida, according to media reports. UHS said there was no disruption to patient care as employees turned to backup protocols, including paper documentation. However, TechCrunch reported patients are being turned away and emergencies redirected to other facilities, and employees were told it would be several days before the IT systems were operational again.
  • It's the latest in a string of healthcare ransomware attacks. In a short statement Tuesday morning, UHS said it had "no evidence" patient or employee data was accessed or misused, but did not respond to a request for more detailed information.

Dive Insight:

The extent of the attack on UHS is still unclear. But the consequences could be serious, cybersecurity experts say, as it could keep UHS hospitals from accessing or searching patient records or vital information like labs or radiology reports while their IT systems are down. That drastically slows down operations and could have implications on patient care.

"The ransomware operators likely saw UHS as the opportunity to make a quick buck given the urgency to keep operations going, and the monetary loss associated with that downtime could outweigh the ransom demand," Justin Heard, director of security, intelligence and analytics at Nuspire, told Healthcare Dive over email.

A Reddit thread started Monday on the incident flagged IT issues at UHS facilities in Florida, California, Arizona, Texas and North Carolina. Many commenters, not confirmed, claimed they were UHS employees and reported dire situations at their facilities because of the attack.

"It was an epic cluster working 'old school' last night with everything on paper downtime forms. It is true about sending patients away (called EMS diversion) but our lab is functional along with landlines," one user who said they worked at a facility in southeastern U.S. wrote. "We have no access to anything computer based including old labs, ekg's, or radiology studies. We have no access to our PACS radiology system." 

TechCrunch, other news organizations and the Reddit thread included reports from anonymous employees describing characteristics resembling attacks of the Ryuk strain, which is run by Russia-backed hacking group Wizard Spider.

Ransom demand from Wizard Spider varies significantly, with observed ransoms ranging from 1.7 bitcoins (about $18,000 at current market value) to 99 bitcoins (about $1.1 million), according to security firm CrowdStrike.

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Unanet Acquires GovPro AI to Enable Customers to Win More Business
From Unanet
November 22, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell