Universal Health Services (UHS) hit with ransomware attack

Universal Health Services (UHS)
Source: Universal Health Services

Universal Health Services (NYSE: UHS), one of the largest healthcare providers in the United States was hit with a malicious ransomware attack early on Sunday morning.

There is no evidence that the hackers stole or misused personal data of employees or patients, according to the company. 

Immediately after discovering the cyberattack, the Pennsylvania-based healthcare giant suspended users’ access to its information applications related to its operations in the United States. 

Signup for the USA Herald exclusive Newsletter

Additionally, Universal Health Services implemented its information technology (IT) security protocols. The company is also working with its security partners to quickly restore its IT operations.

Universal Health Services personnel reportedly started keeping records on paper as computer systems began failing. Some hospitals sent incoming ambulances to other neighboring hospitals because they did not have access to their systems.

The cyberattack locked up computers and shut down phone systems at several UHS facilities across the country, including in California and Florida. 

Many health care workers described the situation at a variety of United Health facilities locations.  One in Florida noted that it was “a hot mess in the ER today.” Ambulances with heart patients were being diverted because the facility’s catheterization lab was down, the person posted.

Another worker in California said, “Our ER is closed to ambulances and OR’s are closed and all ambulances and surgeries are being rerouted.”

A registered nurse working at an Arizona facility said, “Our medication system is all online, so that’s been difficult.”

Universal Health Services has operations in the U.S., the U.K., and Puerto Rico. Its facilities include 26 acute care hospitals, 42 outpatient centers, and 328 behavioral health facilities. The company serves millions of patients annually.

Ryuk ransomware used on Universal Health Services 

Ransomware is designed to cripple a computer network until a ransom is paid to return access to the system and its data.

It has been reported that a hospital employee said computer screens displayed text that referenced the “shadow universe” which is consistent with a Ryuk ransomware attack by Wizard Spider.

“Everyone was told to turn off all the computers and not to turn them on again,” the person said. “We were told it will be days before the computers are up again.”

Wizard Spider is a Russian cybercrime group that has developed a sophisticated banking malware known as “TrickBot” and ransomware called “Ryuk.” 

CrowdStrike, the cybersecurity technology company based in Sunnyvale, California created the name Wizard Spider in association with the threat actor. CrowdStrike Intelligence says that the group has been targeting large organizations since at least 2018.

The hacker group is known to go “big game hunting” to target and breach large organizations. They have been linked to attacks on the tech company, Pitney Bowes, and the U.S. Coast Guard.

Ransomware attack in-progress

It’s not known how much the ransomware attack is impacting patient care. The issues appear to be widespread in the UHS system.

In a statement, Universal Health Services said, “In the meantime, while this matter may result in temporary disruptions to certain aspects of our clinical and financial operations, our acute care and behavioral health facilities are utilizing their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.”

Most hospital systems use the Cerner healthcare technology system to handle patients’ electronic health records to ensure individual patient data is safe. It is believed that patient information is secure.

Some ransomware actors have promised to leave hospitals alone

Due to the COVID-19 pandemic, some ransomware hackers have promised not to attack hospitals and health organizations. Wizard Spider with the Ryuk ransomware did not make any promises.

“It is sad to see that despite hackers’ claims to stop healthcare cyber-attacks during the COVID-19 crisis, such attacks still take place,” said Ilia Sotnikov, vice president of product management for IT security firm Netwrix, as quoted by ThreatPost.

 “Ransomware attacks are especially disastrous for healthcare as they block access to IT systems and patient data in hospitals, leading to the inability to treat people, and might eventually cost lives,” Sotikov added.

Last week, police in Germany are investigating a ransomware attack murder case after a woman died because she was diverted to another hospital during the attack. 


Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.

Want to contribute a story? We also accept article submissions — check out our writer’s guidelines here.