Ransomware Hackers Hit UHS Hospital Chain

The attack on Universal Health Services left doctors and nurses scrambling to render care, with computers replaced by pen and paper.
Matthew HellerSeptember 29, 2020
Ransomware Hackers Hit UHS Hospital Chain

A suspected ransomware attack shut down the computer systems at Universal Health Services, one of the largest U.S. hospital chains, and raised fears that the hackers gained access to patient and employee data.

As Wired reports, “Ransomware attacks on large organizations have been prevalent since the mid-2010s, but the pace of assaults seems to have increased in recent months.” In the U.S. alone, 764 healthcare providers were victimized last year by ransomware, according to cybersecurity firm Emsisoft.

“Hospitals, in particular, have long been a favorite [ransomware] target, because patient safety hangs in the balance when a hospital’s network goes down,” Wired said.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

The attack on UHS early Sunday left doctors and nurses scrambling to render care, with computers replaced by pen and paper. Telemetry monitors that show critical care patients’ heart rates, blood pressure, and oxygen levels went dark and had to be restored with ethernet cabling.

“These things could be life or death,” a clinician told the Associated Press.

CEO Alan Miller told The Wall Street Journal that the hackers used a previously unknown technique to break into UHS’ computer systems. He declined to say whether they had requested payment from the company.

UHS operates more than 400 facilities across the U.S., Puerto Rico, and the U.K. “No patient or employee data appears to have been accessed, copied, or misused,” the company said in a news release.

But Bleeding Computer said the attackers appear to have used Ryuk ransomware, which is widely linked to Russian cybercriminals, and that “if this is a ransomware attack, there is also a high chance of the attackers stealing patient and employee data, which will further increase the damage.”

In 2017, a ransomware strain called WannaCry, created by hackers working for the North Korean government, infected the U.K.’s National Health Service, disrupting at least 80 medical facilities. Earlier this month, the first known fatality related to ransomware occurred at a hospital in Germany.

“We are most concerned with ransomware attacks which have the potential to disrupt patient care operations and risk patient safety,” said John Riggi, senior cybersecurity adviser to the American Hospital Association.