Major cyberattack on US healthcare knocks out systems of medical chain managing 400 facilities

3 weeks ago 6

The Universal Health Services, which runs over 400 hospitals and care centres primarily in the US, has been hit by a ransomware that has now knocked off the medical chain’s online system. The cyberattack is being touted as probably the biggest in US medical history.

Apart from the US, Universal Health Services also operates in few United Kingdom facilities as well. UHS is one of the largest for-profit hospital operators in the United States. On Monday (local time), the UHS network was knocked offline, which the company described as an unspecified "IT security issue".

UHS has not specified the nature of the cyber security issue, saying in a brief statement it was using "established back-up processes" to recover.

Text messages reviewed by Reuters showed UHS instructing employees to avoid exposing their devices to the company's corporate network, something one expert said was a sign of a ransomware outbreak.

"I can't think of any other reason," said Gabrielle Hempel, a researcher who studies the security of medical devices and says she has been in touch with people dealing with the incident.

Ransomware, which works by locking victims out of their computers until a ransom payment is made, has long been a pernicious threat to hospitals and health care providers. The coronavirus pandemic has heightened concerns that cybercriminals could target medical facilities.

UHS' statement said "our facilities are using their established back-up processes including offline documentation methods," adding that patient care "continues to be delivered safely and effectively." It said no patient or employee data appeared to have been compromised.

In text messages to employees, the company said the disruption "may last 24 hours or more."

"Do NOT attempt to connect to UHS email or other UHS network applications," one of the messages said.

The nature of the disruption in UHS' case was not clear. The company has not answered questions about the size and scope of the problem. Hempel said hospital cyberattacks should be taken seriously.

"Data is at risk here definitely, but you also have people's lives at risk too," she said.

(With inputs from Reuters)

Read Entire Article