Healthcare giant UHS hit by ransomware attack, sources say

Universal Health Services, one of the largest healthcare providers in the U.S., has been hit by a ransomware attack.

The attack hit UHS systems early on Sunday morning, according to two people with direct knowledge of the incident, locking computers and phone systems at several UHS facilities across the country, including in California and Florida.

One of the people said the computer screens changed with text that referenced the “shadow universe,” consistent with the Ryuk ransomware. “Everyone was told to turn off all the computers and not to turn them on again,” the person said. “We were told it will be days before the computers are up again.”

It’s not immediately known what impact the ransomware attack is having on patient care, or how widespread the issue is.

UHS published a statement on Monday, saying its IT network “is currently offline, due to an IT security issue.”

“We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively,” the statement said.

“No patient or employee data appears to have been accessed, copied or otherwise compromised,” it added.

An executive who oversees cybersecurity at another U.S. hospital system, who asked not to be named as they were not authorized to speak to the press, told TechCrunch that patient medical data is “likely safe” as UHS relies on Cerner, a healthcare technology company, to handle its patients’ electronic health records.

Jane Crawford, a spokesperson for UHS, did not comment further when reached by TechCrunch.

UHS has 400 hospitals and healthcare facilities in the U.S. and the U.K., and serves millions of patients each year.

The Ryuk ransomware is linked to a Russian cybercrime group, known as Wizard Spider, according to security firm CrowdStrike. Ryuk’s operators are known to go “big game hunting” and have previously targeted large organizations, including shipping giant Pitney Bowes and the U.S. Coast Guard.

Some ransomware operators said earlier this year that they would not attack health organizations and hospitals during the COVID-19 pandemic, but Ryuk’s operators made no such commitment.

Last week, police in Germany launched a homicide investigation after the death of a woman who was diverted to another hospital following a ransomware attack.

Updated with a brief statement from UHS.


Do you know more? Send tips securely over Signal and WhatsApp to +1 646-755-8849 or send an encrypted email to: zack.whittaker@protonmail.com