Potentially the Largest Medical Cyberattack in U.S. History Hits Universal Health Services

A Major Hospital Chain Was Severely Impacted

Computer systems for Universal Health Services (UHS), which runs approximately 400 hospitals and care centers across the United States and the United Kingdom, began to crash over the weekend. The breach, NBC News stated, is possibly one of the largest medical cyberattacks in U.S. history.

According to the UHS website, the company served 3.5 million patients in 2019 and employs 90,000 people globally, primarily in the U.S. UHS employees began reporting problems on Monday via Reddit, saying the attack has been shutting down computers at various hospitals, forcing them to turn away patients. One Reddit user working at a UHS facility in the Southeast wrote that multiple antivirus programs were disabled by the attack and “hard drives just lit up with activity.”

UHS hospitals in the U.S., including those in California, Florida, Texas, Arizona, and Washington D.C., have reportedly been left without access to computer and phone systems. According to media reports, affected hospitals are redirecting ambulances and relocating patients in need of surgery to other nearby hospitals.

According to NBC News sources, some UHS hospitals have been forced to resort to filing patient information with pen and paper since Monday. One person familiar with the company’s response efforts said that the attack “looks and smells like ransomware.”

Ransomware Caused The Breach

Ransomware is a type of malicious software that spreads across computer networks and encrypts files, then demands payment for the decryption key that’s needed to gain access to and restore a company’s data and systems.

Kenneth White, a computer security engineer with more than a decade of experience working with hospital networks, said that the delays caused by ransomware attacks can have dire consequences for patients.

“When nurses and physicians can’t access labs, radiology or cardiology reports, that can dramatically slow down treatment, and in extreme cases, force re-routing for critical care to other treatment centers,” he told NBC News. “When these systems go down, there is a very real possibility that people can die.”

Ransomware can devastate hospitals. In 2017, a ransomware strain called WannaCry, created by hackers working for the North Korean government, spread across the world and infected the U.K.’s National Health System even though it wasn’t a direct target. The attack disrupted at least 80 medical facilities, though there were no publicly reported deaths associated with the incident.

The Ransomware “Ryuk” Is To Blame

BleepingComputer reported that a notorious ransomware strain known as Ryuk appears to be behind the attack. An employee said that during the cyberattack, files were being renamed to include the .ryk extension, which BleepingComputer stated is used by the Ryuk ransomware.

A UHS employee also said one of the impacted computers’ screens changed to display a ransom note reading “Shadow of the Universe,” a similar phrase to that appearing at the bottom of Ryuk ransom notes. Based on information shared with BleepingComputer, the attack on UHS’ system likely started via a phishing attack.

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

Key Background

In early April, near the start of the coronavirus pandemic, INTERPOL warned it had detected a significant increase in ransomware attacks against hospitals and medical services engaged in the virus response.

The following month, Fresenius, Europe’s largest private hospital operator, was hit with a ransomware attack on its technology systems. Hackers reportedly utilized the Snake ransomware to attack Fresenius, which employs nearly 300,000 people across more than 100 countries.

“As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” said INTERPOL Secretary General Jürgen Stock.

Data-Guard 365 Protection Would Have Been Invaluable

Data-Guard 365 would have been invaluable in protecting the Universal Health Services company network for the following reasons:

  • Our vulnerability assessment would have diagnosed potential security threats in the company network.
  • Security Awareness training would have lessened the chances of a phishing attack from occurring in the first place.
  • Behavior detection would have mitigated the sophisticated cyberattack to the specific endpoints on the company network.
  • 24/7 endpoint monitoring would have detected the suspicious computers in the company network right away and would have quarantined the malicious files immediately.
  • Our AI machine learning techniques would have established “rollback points” that could have been used to expedite a return to normal operations.


By Christian John Sales, Marketing Manager for Data-Guard 365

Data-Guard 365 is an MSSP firm headquartered in Indianapolis, Indiana, with offices in Chicago, Atlanta, and other strategic locations across the globe. The company is a one-of-a-kind business partner whose people, processes, and technology provide invincible cybersecurity for a price point that pays for itself.
www.Data-Guard365.com / (317) 967-6767 / info@data-guard365.com
