A nationwide cyberattack has crippled operations at Universal Health Services, one of the nation’s largest health care providers.
As a result, health care personnel reportedly began keeping records on paper as computer systems began failing over the weekend and some hospitals have sent incoming ambulances to other neighboring hospitals.
Universal Health Services posted an update on the situation Monday morning on its website stating the IT network across its facilities was offline due to “an IT security issue.”
The King of Prussia, Pennsylvania-headquartered health care giant’s operations include 26 acute care hospitals, 328 behavioral health facilities and 42 outpatient facilities across the U.S., Puerto Rico and the U.K.
No data belonging to patients or employees “appears to have been accessed, copied or misused,” the company said in its statement. “We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.”
United Health Services did not respond to request for additional information on the situation.
The cyberattack, which began early Sunday, is thought to have employed the Ryuk ransomware, TechCrunch reported. Computer screens changed with text that referenced the “shadow universe,” which is consistent with the Ryuk ransomware, a person familiar with the situation told TechCrunch. “Everyone was told to turn off all the computers and not to turn them on again,” the person told the tech site. “We were told it will be days before the computers are up again.”
Ransomware, or malware, typically cripples a computer system and requires a ransom to return access to the system and its data.
Ryuk ransomware is specifically designed to target enterprises and businesses. Many ransomware operations told tech site BleepingComputer they would not target hospitals and other medical facilities during the COVID-19 pandemic. Ryuk operators, connected to a Russian cybercrime group, did not, TechCrunch noted.
“It is sad to see that despite hackers’ claims to stop healthcare cyber-attacks during COVID-19 crisis, such attacks still take place,” Ilia Sotnikov, vice president of product management for IT security firm Netwrix, told tech news site ThreatPost. “Ransomware attacks are especially disastrous for healthcare as they block access to IT systems and patient data in hospitals, leading to inability to treat people, and might eventually cost lives.
Earlier this month, the first known death from a ransomware attack may have occurred when a patient in Germany had to be moved to a different hospital when the one she was in had a cyberattack, NBC News reported.
Many health care workers posted notes about the situation at various United Health facilities in a Reddit thread. One in Florida noted that it was “a hot mess in the ER today.” Ambulances with heart patients were being diverted because the facility’s catheterization lab was down, the person posted.
Another worker in California wrote, “Our ER is closed to ambulances and OR’s are closed and all ambulances and surgeries are being rerouted.”
A nurse who works at a United Health Services at a facility in North Dakota told NBC News that computers slowed and then eventually simply would not turn on in the early hours of Sunday morning. “As of this a.m., all the computers are down completely,” the nurse said.
Another registered nurse working at a Arizona facility told NBC News that over the weekend “the computer just started shutting down on its own.” The nurse continued: “Our medication system is all online, so that’s been difficult.”