- Universal Health Services, a chain of hospitals with over 250 locations in the United States, was hit by a cyber attack that caused its computer and telephone systems to fail.
- The attack, first reported by Bleeping Computer, bears the signs of a ransomware attack in which hackers hijack an organization’s systems and refuse to turn them over unless the victim pays a hefty ransom.
- UHS, one of the nation’s largest hospital chains, reportedly had to cancel surgeries and redirect ambulances as it scrambled to deal with the cyber attack.
- On Tuesday afternoon, UHS systems were still down and employees relied on pen and paper to conduct business, an employee told Business Insider.
- Visit the Business Insider home page for more stories.
This week, an unprecedented cyber attack on one of the largest hospital chains in the United States compromised the computer and telephone systems of hundreds of hospitals.
Universal Health Services, which operates more than 250 hospitals across North America, began experiencing outages Sunday night that disconnected all staff from computer systems and prevented them from reconnecting, Bleeping Computer first reported.
These disruptions have continued for days, forcing U.S. hospitals to postpone surgeries and divert ambulances. Staff were instructed to conduct all activities using pen and paper, a protocol that was still in effect on Tuesday afternoon, according to an Arizona-based UHS employee.
UHS President Mark Miller told the Wall Street Journal Monday night that UHS shut down its systems after a hack was detected to prevent further damage, causing some operations to be delayed.
While some hospital functions were disrupted, no patients were harmed by the disruption, Miller added.
UHS said in a statement Monday that its systems were affected by an “IT security problem” and that no patient data was compromised. The company followed up with another statement Tuesday morning saying it was working on restoring its systems but some “clinical and financial” operations were still down. When reached for comment, the UHS spokesperson directed Business Insider to the company’s online statements and added that none of UHS’s overseas hospitals were affected.
The attack appears to carry the hallmarks of a ransomware attack, according to Bleeping Computer. Ransomware attackers use malicious code to compromise an organization’s computer systems and then require victims to pay to regain access.
The UHS employee of Arizona told Business Insider that as of Tuesday afternoon, employees have not received any communications beyond the information posted on the UHS website. Since they’ve been locked out of their email accounts, employees rely on a separate app called ShiftHound to coordinate shifts.
“There has been absolutely no communication about what’s going on. I wonder what our protocol is for a situation like this,” the employee said.
Ransomware attacks have become more frequent in recent years and hospitals are a prime target. Attacks on hospitals escalated during COVID-19, according to a report from Microsoft, as hospitals turn to new, unknown telemedicine platforms and are increasingly short of cash during the pandemic.
Hackers see hospitals as valuable targets because their systems are critical to the well-being of patients, making them more likely to pay a ransom. Additionally, patient health data is considered valuable, according to Torsten George, an analyst at cybersecurity firm Centrify.
“The UHS incident is the latest in a series of healthcare-focused ransomware attacks,” George told Business Insider. “Hospital systems are critical and with many lives at stake, healthcare organizations are more likely to pay a ransom to get back up and running quickly.”
According to cybersecurity experts and law enforcement agencies – including the FBI – the targets should avoid paying the ransom at all costs to knock out hackers.