Hospitals nationwide in the US are this week dealing with the fallout from an outage, connected to a potential ransomware attack against one of the largest healthcare services providers in the country.
The full size of the incident is not yet known but as a result, facilities across the US have been left without access to computer systems.
Universal Health Services
Universal Health Services (UHS) – a Fortune 500 company that specialises in telemedicine & helps facilitate appointments, lab results, & medical forms for hospitals was hit by ransomware, reportedly the Ryuk strain, over the weekend, forcing hospitals that use UHS’ IT system offline.
While not every hospital appears to be impacted, a number have.
Much discussion around the incident involves an unconfirmed post to Reddit Sunday night. In that post a user claiming to work at a UHS hospital reported the facility had no access to phones, computer systems, internet, or the data centre. Thus, the hospital reportedly had to send ambulances to smaller hospitals, & had patients die while waiting for lab results to be delivered by courier.
Oher Reddit users made statements, some saying their hospitals would not let employees turn on computers, others saying they had to write everything down on paper.
During the COVID-19 pandemic, the incident could further worsen an already difficult situation at some hospitals.
The company did issue a statement, just after noon on Mon. however, confirming that its IT network is “currently offline, due to an IT security issue,” adding that “no patient or employee data appears to have been accessed, copied or otherwise compromised.”
“We implement extensive IT security protocols & are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely & effectively,” the company’s statement read further.
The statement is low on detail, making it even more unclear what transpired. UHS has 400 hospitals & healthcare facilities in the US & the UK, but it is not certain how many of them may be affected.
Reddit users claiming to work for UHS hospitals in California, Florida, Georgia, Pennsylvania, North Carolina & Texas have all reported experiencing issues, many which look like ransomware hit their computer systems, over the last 24 hours.
A handful of hospitals in Las Vegas appear to be victims as well. According to a local ABC affiliate there, 5 hospitals belonging to the Valley Health System, a subsidiary of Universal Health Services, Inc., were all knocked offline on Sun. too.
Some reports, including one via Bleeping Computer, claim victims’ screens displayed a ransom note reading “Shadow of the Universe,” a phrase that sometimes appears as part of Ryuk infections.