NBC News has reported that Universal Health Services, a major U.S. hospital chain, experienced what seems to be a ransomware attack. Details of the Universal Health Services ransomware attack are discussed below.
Universal Health Services Ransomware Attack: What Happened?
Universal Health Services, which operates more than 400 locations, was the victim or a ransomware attack that targeted their computer systems. Two nurses employed at Universal Health Services, who wish not to be named, reported that the ransomware attack began over the weekend.
They first noticed that there may be something wrong when the computer systems started to slow. All computers within the facility then completely shut down, unable to be turned back on. Nurses then had to resort to keeping patient records with pen and paper.
One nurse reported, “Our medication system is all online, so that’s been difficult. Now we had to hand-label every medication. It’s all improv.”
She also informed NBC News that many of their patient charts (at least for the facility she works at) are paper records. Although medication information is maintained online, the nurse reported that the records are backed up at the end of day, so it is likely that few records were lost in the ransomware attack.
Universal Health Services states on their website, “The IT Network across Universal Health Services (UHS) facilities is currently offline, due to an IT security issue.
We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.
No patient or employee data appears to have been accessed, copied or misused.”
Even though Universal Health Services claims that no patient information was compromised, investigations are still underway. Therefore, it is unclear how many patients may have been affected by the Universal Health Services ransomware attack. The breach has also yet to appear on the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) breach portal.
