Ransomware, Content

UHS Ryuk Ransomware Attack: Hospital System Recovery Update

Universal Health Services (UHS) is striving to recover from a cybersecurity incident that allegedly involved a Ryuk ransomware attack. Here are the latest details and reports about the attack.

1. Who Is UHS?: The Fortune 500 hospital and healthcare service provider has 400 healthcare facilities across the United States, Puerto Rico and the United Kingdom. UHS has 90,000 employees and serves 3.5 million patients annually. The company's revenues were $11.4 billion in 2019. Source: UHS.

2. What Happened: UHS "experienced an information technology security incident in the early morning hours of September 27, 2020. As a result, the Company suspended user access to its information technology applications related to operations located in the United States." Source: UHS.

3. Who has UHS hired to investigate the attack and restore systems? UHS has not disclosed whether specific digital forensics or MSSP (managed security services provider) companies are assisting the investigation and recovery.

4. Did Ryuk Ransomware attack UHS IT systems and networks?: The company did not specifically mention ransomware in its September 27, 2020, statement about the incident. However, media reports suggest Ryuk Ransomware was involved. Source: TechCrunch.

5. What Is Ryuk Ransomware?: Ryuk allows a threat actor to identify and attack an organization’s critical network systems. It often goes undetected for several days or months following an initial infection and has been used in several cyberattacks. Source: MSSP Alert.

6. Has Ryuk Ransomware hit other healthcare organizations? Yes. cybercriminals in October 2019 used Ryuk to attack three Alabama hospitals managed by DCH Health System. Following the ransomware attack’s discovery, outpatients with appointments at any of the three hospitals were told to call before attending their appointments, and local ambulances were told to take patients to other nearby hospitals. Source: MSSP Alert.

7. How was UHS impacted by the security incident?: The incident "may result in temporary disruptions to certain aspects of our clinical and financial operations, our acute care and behavioral health facilities are utilizing their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively." Source: UHS.

8. What is the grapevine saying about the security incident?: While official UHS communications emphasize ongoing productivity at the company, alleged chatter from employees suggests the situation has severely impacted productivity and business processes. Some employees suggest the attack knocked out antivirus programs, and many IT applications have now shifted to pen-and-paper processes. Source: Reddit.

9. Did the security incident involve a data breach?: "At this time, we have no evidence that patient or employee data was accessed, copied or misused." Source: UHS.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.