Cybercriminals attacked the UHS healthcare network

Cybercriminals attacked the network of healthcare facilities at Universal Health Services (UHS) which is included in the Fortune 500 and operates approximately 400 healthcare facilities in the US, UK and Puerto Rico.

Based on what employees and patients report on social media, as recently as last Sunday, many UHS hospitals were forced to move to work without using IT systems. Some patients were denied help, others were referred to other hospitals as UHS clinics were unable to perform laboratory tests.

The attack took place on the night of Saturday to Sunday, September 26-27, at about 2:00 am. Employees write that at this time the computers began to reboot, and then a ransom message appeared on the screens of the infected machines. As a result, IT staff at medical institutions asked to shut down computers to prevent further spread of the threat.

According to the company’s official statement, UHS hospitals are currently trying to return to service and it looks like they are at least partially recovering the affected data (apparently from backups). It is separately emphasized that the data on patients and employees was not stolen or otherwise compromised.

“UHS implements extensive IT security protocols to protect our systems and data, and we are working diligently with our IT security partners to restore IT infrastructure and business operations as quickly as possible. We are making steady progress with recovery efforts. Certain applications have already started coming online again, with others projected to be restored on a rolling basis across the U.S. Patient care continues to be delivered safely and effectively”, — reported in an official statement from UHS.

Such attacks pose a threat not only to the financial condition of companies; recently, the media reported that as a result of a ransomware attack, a patient in a German hospital was not treated in time and finally died.

ZDNet reporters confirm that the infection has affected at least UHS hospitals and medical centers in North Carolina and Texas. Also on Reddit, people claiming to be employees of different clinics report about problems in Arizona, Florida, Georgia, Pennsylvania and California.

On social networks and on Reddit, many users claim that the well-known ransomware Ryuk is responsible for the incident, although no one has provided any evidence to support these claims so far.

Let me remind you that Ryuk has already been seen in attacks on medical institutions, for example, we reported that Ryuk ransomware attacked more than 100 nursing homes in the US.

Finally, at almost the same time, Maze operators attacked medical company, which is testing vaccine for COVID-19.