Universal Health Services (UHS), a hospital chain with over 400 locations in the United States and the United Kingdom, fell victim to an "information technology security incident," e.g. a cyber attack, on Sept. 27, according to a statement released by the organization on Tuesday.


What You Need To Know

  • Universal Health Services (UHS) was targeted by a cyber attack over the weekend

  • UHS confirmed they experienced an "information technology security incident" in a statement

  • As of Tuesday, the company's IT network was still down

  • The company said no patient information was compromised

The attack is the largest of its kind on a medical facility in United States history, according to a report from NBC News. The company's U.K. locations were not affected by the outage.

UHS may not be a household name, but has U.S. hospitals from Washington, D.C., to Fremont, California, and Orlando, Florida, to Anchorage, Alaska. Some of its facilities provide care for people coping with psychiatric conditions and substance abuse problems.

The widespread outage thrust hundreds of healthcare facilities across the U.S. into chaos Monday, with treatment impeded as doctors and nurses already burdened by the coronavirus pandemic were forced to rely on paper backup systems. The company "suspended user access to its information technology applications related to operations located in the United States," a statement on the UHS website read on Monday.

A subsequent statement from the company on Tuesday evening confirmed their IT network was still down due to a "security incident caused by malware."

"The cyber attack occurred early Sunday morning, at which time the company shut down all networks across the U.S. enterprise," the statement read in part. "The company's UK operations have not been impacted," the statement read.

"UHS implements extensive IT security protocols to protect our systems and data, and we are working diligently with our IT security partners to restore IT infrastructure and business operations as quickly as possible," the statement continued. "We are making steady progress with recovery efforts. Certain applications have already started coming online again, with others projected to be restored on a rolling basis across the U.S."

Fortunately, the company currently has "no evidence that patient or employee data was accessed, copied or misused," and added that patient care continues to be administered effectively.

It remains unclear how long it will be until the company's system is back online. According to Dr. Jonathan Reiner, a cardiologist at George Washington University Medical Center, one of the UHS centers reportedly affected by the attack, said it could take "days." 

"They proactively took down all, their entire network, to protect the network when they detected the attack and they're working using these downtime protocols to maintain clinical operations in a safe way while they slowly bring systems back up online," Reiner told CNN in an interview.

John Riggi, senior cybersecurity adviser to the American Hospital Association, called it a “suspected ransomware attack,” affirming reporting on the social media site Reddit by people identifying themselves as UHS employees.

UHS workers reached by The Associated Press at company facilities in Texas and Washington, D.C. described mad scrambles after the outage began overnight Sunday to render care, including longer emergency room waits and anxiety over determining which patients might be infected with the virus that causes COVID-19.

According to TechCrunch, an employee familiar with the situation said affected UHS computer screens displayed references to the “shadow universe,” indicating a connection to the infamous Ryuk ransomware attacks. 

Sophisticated eCrime groups often employ Ryuk ransomware to target “large organizations for a high-ransom return,” according to cybersecurity technology company CrowdStrike. This methodology, known as “big game hunting,” has impacted organizations from the U.S. Coast Guard to Tribune Publishing Newspapers.

Earlier in the year, a number of ransomware operators including DoppelPaymer, Maze, and CLOP pledged not to target hospitals or nursing homes amid the coronavirus pandemic, according to a report from BleepingComputer. Notably, those behind the Ryuk ransomware were not among those who made the pledge. 

The Associated Press contributed to this report.