The Sunday morning attack against Universal Health Services may be the largest in U.S. history, according to media reports.
Cybersecurity experts say a ransomware attack against Universal Health Services (UHS) has taken down the hospital system’s digital networks at various sites across the country.
It may be the largest cyber attack in U.S. history, according to NBC news.
In a statement, UHS acknowledged that the IT network across their company is offline due to a “security incident.” The company says that it does not appear that any patient or employee data was accessed during the attack and that their U.K. operations have not been affected.
"UHS implements extensive IT security protocols to protect our systems and data, and we are working diligently with our IT security partners to restore IT infrastructure and business operations as quickly as possible,” the statement says. “We are making steady progress with recovery efforts. Certain applications have already started coming online again, with others projected to be restored on a rolling basis across the U.S.”
According to a report from Wired, hospital personnel say that they have moved to an all-paper system due to the attack which has left patients being rerouted to other emergency departments and waiting for appointments and test results.
With 400 facilities in the U.S. and the U.K., UHS employs more than 90,000 people who provide healthcare to about 3.5 million patients each year. The attack was undertaken overnight in an effort to encrypt and lock down as many systems as possible. Screens at facilities in California, Florida, Texas, Arizona, and Washington D.C. were changed to display a ransom message, according to Bleeping Computer, which first reported the attack.
Bleeping Computer cites an expert who says that the attack likely originated through phishing and that four patients have died due to physicians having to wait for lab results to arrive via currier.
Oliver Noble, an encryption specialist with Nordlocker, says in a Medical Economics article that some of the things physicians and hospitals can do to keep their IT systems safe include: