FOLLOW US

Universal Health Services (NYSE: UHS), one of the largest healthcare providers in the United States was hit with a malicious ransomware attack early on Sunday morning.

There is no evidence that the hackers stole or misused personal data of employees or patients, according to the company. 

Immediately after discovering the cyberattack, the Pennsylvania-based healthcare giant suspended users' access to its information applications related to its operations in the United States. 

Additionally, Universal Health Services implemented its information technology (IT) security protocols. The company is also working with its security partners to quickly restore its IT operations.

Universal Health Services personnel reportedly started keeping records on paper as computer systems began failing. Some hospitals sent incoming ambulances to other neighboring hospitals because they did not have access to their systems.

The cyberattack locked up computers and shut down phone systems at several UHS facilities across the country, including in California and Florida. 

Many health care workers described the situation at a variety of United Health facilities locations.  One in Florida noted that it was "a hot mess in the ER today." Ambulances with heart patients were being diverted because the facility's catheterization lab was down, the person posted.

Another worker in California said, "Our ER is closed to ambulances and OR’s are closed and all ambulances and surgeries are being rerouted."

A registered nurse working at an Arizona facility said, “Our medication system is all online, so that's been difficult.”

Universal Health Services has operations in the U.S., the U.K., and Puerto Rico. Its facilities include 26 acute care hospitals, 42 outpatient centers, and 328 behavioral health facilities. The company serves millions of patients annually.

Ryuk ransomware used on Universal Health Services 

Ransomware is designed to cripple a computer network until a ransom is paid to return access to the system and its data.

It has been reported that a hospital employee said computer screens displayed text that referenced the “shadow universe” which is consistent with a Ryuk ransomware attack by Wizard Spider.

“Everyone was told to turn off all the computers and not to turn them on again,” the person said. “We were told it will be days before the computers are up again.”

Wizard Spider is a Russian cybercrime group that has developed a sophisticated banking malware known as “TrickBot” and ransomware called “Ryuk.”