- Universal Health Services, a hospital chain with over 250 locations in the US, was hit with a cyberattack that has caused its computer and phone systems to fail.
- The attack, first reported by Bleeping Computer, bears the signs of a ransomware attack in which hackers hijack an organization’s systems and refuse to turn them over unless the victim pays a hefty ransom.
- UHS, one of the nation’s largest hospital chains, reportedly had to cancel surgeries and reroute ambulances as it scrambled to address the cyberattack.
- Visit Business Insider’s homepage for more stories.
An unprecedented cyberattack against one of the largest hospital chains in the US has compromised the computer and phone systems at hundreds of hospitals this week.
Universal Health Services, which operates more than 250 hospitals across North America, started experiencing outages Sunday night that logged all staff out of computer systems and blocked them from logging back in, Bleeping Computer first reported.
Those outages have continues for days, forcing hospitals across the US to postpone surgeries and divert ambulances. UHS president Mark Miller told the Wall Street Journal Monday evening that UHS shut down its own systems after a hack was detected in order to prevent further damage, causing some operations to be delayed.
While some hospital functions were disrupted, no patients were harmed by the outage, Miller added.
UHS said in a statement Monday that its systems were affected by an “IT security issue” and that no patient data has been compromised. The company followed up with another statement Tuesday morning saying it was working to restore its systems but that some “clinical and financial” operations were still disrupted.
The attack appears to bear signature traits of a ransomware attack, according to UHS employees who spoke to Bleeping Computer. Ransomware attackers use malicious code to compromise an organization’s computer systems and then demand that victims pay up in order to regain access.
Ransomware attacks have become increasingly frequent in recent years, and hospitals are a prime target. Attacks against hospitals have increased amid COVID-19, according to a report from Microsoft, as hospitals turn to new, unfamiliar telemedicine platforms and are increasingly cash-strapped during the pandemic.
Hackers see hospitals as valuable targets because their systems are crucial to patients’ wellbeing, making them more likely to pay a ransom. In addition, patients’ health data is seen as valuable, according to Torsten George, an analyst at cybersecurity firm Centrify.
“The UHS incident is the latest in a string of healthcare-focused ransomware attacks,” George told Business Insider. “Hospital systems are mission critical, and with many lives at stake, healthcare organizations become more likely to pay a ransom to swiftly get back up and running.”
According to cybersecurity experts and law enforcement agencies — including the FBI — targets should avoid paying ransom at all costs in order to put hackers out of business.