Share this article on:
Universal Health Services has confirmed that all 250 of its hospitals in the United States are back up and running after a suspected ransomware attack that knocked out its systems for 3 weeks. The attack started on or around September 27, 2020. All systems were brought back online by October 12. An update was posted on the UHS website this week saying, “With back-loading of data substantially complete at this point, hospitals are resuming normal operations.”
While systems were down, clinicians were forced to work with pen and paper in order to continue providing care for patients and, at some locations, patients had to be diverted to alternate facilities to receive treatment.
The health system reported the security breach as a malware attack which forced it to shut down its network; however, several insiders took to Reddit to voice their concerns and explain that this was a ransomware attack. Based on the data posted by those insiders, the attack appeared to have involved Ryuk ransomware. The operators of Ryuk ransomware are known to exfiltrate data prior to the deployment of ransomware; however, UHS maintains that no evidence has been found to indicate employee or patient data were accessed, copied, or misused.
Sen. Mark Warner, D-VA has written to UHS Chairman and CEO Alan Miller seeking answers to several questions about the attack and the cybersecurity measures that had been put in place to prevent and limit the severity of a ransomware or malware attack. In the letter, Sen. Warner said he had “grave concerns about United Health Services’ digital medical records and clinical healthcare operations succumbing to an apparent ransomware attack.”
UHS serves more than 3.5 million patients each year across its 250 hospitals and is one of the largest hospital operators in the United States. “With the full resources of a Fortune 500 company receiving over $11 billion in annual revenue, UHS’s patients expect and deserve that their provider’s cybersecurity posture to be sufficiently mature and robust to prevent major interruptions to health care operations,” said Sen. Warner.
Sen. Warner questioned whether UHS had segmented its network to prevent the lateral movement of hackers and stop an attack from spreading to affect all facilities. Sen. Warner also questioned whether clinical medical devices had been isolated from administrative systems and networks to ensure that in the event of a cyberattack those devices would not be interrupted.
In light of the posts made by insiders, Sen. Warner asked if UHS paid a ransom for the keys to decrypt files, whether any patient data was rendered inaccessible as a result of the attack, and if any healthcare data was exfiltrated from UHS owned or operated facilities.
Sen. Warner is seeking answers to those and other questions about UHS cybersecurity practices within 2 weeks.