Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History

Computer systems for Universal Health Services, which has more than 400 locations, primarily in the U.S., began to fail over the weekend. Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History

A major hospital chain has been hit by what appears to be one of the largest medical cyberattacks in United States history.

Computer systems for Universal Health Services, which has more than 400 locations, primarily in the U.S., began to fail over the weekend, and some hospitals have had to resort to filing patient information with pen and paper, according to multiple people familiar with the situation.

Universal Health Services did not immediately respond to requests for comment, but posted a statement to its website that its company-wide network “is currently offline, due to an IT security issue. One person familiar with the company’s response efforts who was not authorized to speak to the press said that the attack “looks and smells like ransomware.”

Ransomware is a type of malicious software that spreads across computer networks, encrypting files and demanding payment for a key to decrypt them. It’s become a common tactic for hackers, though attacks of this scale against medical facilities aren’t common. A patient died after a ransomware attack against a German hospital in early September required her to be moved to a different hospital, leading to speculation that it may be the first known death from ransomware.

Hackers seeking to deploy ransomware often wait until the weekend, when a company is likely to not have as many technical staff members present.

Two Universal Health Services nurses, who requested to not be named because they weren’t authorized by the company to speak with the media, said that the attack began over the weekend and had left medical staff to work with pen and paper.

One of the nurses, who works in a facility in North Dakota, said that computers slowed and then eventually simply would not turn on in the early hours of Sunday morning. “As of this a.m., all the computers are down completely,” the nurse said.

Another registered nurse at a facility in Arizona who worked this weekend said “the computer just started shutting down on its own.”

“Our medication system is all online, so that’s been difficult,” the Arizona nurse said.

The company took down systems used for medical records, laboratories and pharmacies across about 250 U.S. facilities Sunday to halt further spread of the malware attack, Universal Health President Marc Miller said in an interview Monday evening.

The outage caused no harm to patients, he said, adding that the company is investigating any reports of patients at risk. No patient or employee data appears to have been accessed, he said.

Mr. Miller declined to describe the nature of the malware. People familiar with the incident said it was a ransomware attack.

In a ransomware attack, hackers typically exploit computer vulnerabilities to install their software on a targeted computer network. The attackers then encrypt the data, making it unreadable, but they promise to unlock the system for a payment.

Ransomware attacks have become the biggest cyber threat facing corporations, said Charles Carmakal, a vice president with the cybersecurity company FireEye Inc. “They are causing a lot of havoc to organizations,” he said.

Based in King of Prussia, Pa., Universal Health operates facilities covering a range of services from psychiatric hospitals to emergency rooms to outpatient centers. The company also runs health-care facilities in Britain.

Universal Health’s U.K. hospitals weren’t hit by the attack, and networks there continue to operate, Mr. Miller said.

Where systems were affected, health-care workers switched to paper records for patients, he said, using protocols for events when computers are down, such as during maintenance. The company backs up its pharmacy records every 24 hours and has already restored some of its network, Mr. Miller said, while adding it is unclear how long it will take to fully recover from the attack.

Mr. Miller said that Universal Health is cooperating with the Federal Bureau of Investigation on the matter. An FBI spokeswoman didn’t immediately have a comment on the incident.

UHS this month said that CEO and company founder Alan Miller would retire from the post in January, while retaining the role of executive chairman. It appointed Marc Miller to serve as the next chief executive of the company that had about $11.4 billion in revenue last year.

The health-care facilities provider, in its latest annual report, warned that a cybersecurity incident could put it at risk of breaching U.S. health privacy rules known as HIPAA and could pose a risk of financial and reputational damage.

Under HIPAA, a malware attack that exposes patients’ personal health information could require hospitals to publicly disclose the breach, said Mark Barnes, a partner at the law firm Ropes & Gray LLP. Hospitals also face fines for privacy and security violations under the law. Ransomware attacks are a potential HIPAA violation, under guidance issued by federal health officials, Mr. Barnes said.

Hospitals are increasingly dependent on information technology after more than a decade of investment to expand use of computer medical records and growing numbers of networked medical devices. Those developments have made the sector highly vulnerable to malware, along with other industries at high risk of cyberattacks, such as banks, Moody’s Investors Service said last year.

Mr. Miller said that the hackers that attacked Universal Health Services used a previously unknown technique to break into the company’s computer systems. He declined to say whether the hackers had requested payment from the company.

Ransomware attacks have plagued other major institutions recently. A hacker of a large public-school district in Las Vegas published documents containing Social Security numbers, student grades and other private information stolen after officials refused the ransom demanded, The Wall Street Journal reported Monday.

International law enforcement authorities during the height of the pandemic warned that hospitals and health-care facilities in multiple countries were being targeted in ransomware attacks.

Often a ransomware attack is the first phase of a multistage extortion attempt from cybercriminals, FireEye’s Mr. Carmakal said. Criminals routinely demand millions of dollars to unlock the encrypted systems, and then follow that up by threatening to publish stolen data on the internet if they aren’t paid a second time.

Mr. Carmakal said that although health-care providers are frequent targets, most ransomware criminals stay away from hospitals because taking systems offline could cause patient harm. “Most people don’t want to kill other people in the process of making money,” he said. “But there are some who just don’t care and it’s a means to an end.”

Major Hospital System Hit,Major Hospital System Hit,Major Hospital System Hit,Major Hospital System Hit,Major Hospital System Hit,


Related Articles:

Hacker Releases Information On Las Vegas-Area Students After Officials Don’t Pay Ransom

Russian Troll Farms Posing As African-American Support For Donald Trump

US Moves To Seize Cryptocurrency Accounts Linked To North Korean Heists

These Illicit SIM Cards Are Making Hacks Like Twitter’s Easier

Uber Exec Allegedly Concealed 2016 Hack With $100K BTC ‘Bug Bounty’ Pay-Off

Senate Panel’s Russia Probe Found Counterintelligence Risks In Trump’s 2016 Campaign

Bockchain Based Surveillance Camera Technology Detects Crime In Real-Time

Trump Bans TicToc For Violating Your Privacy Rights While Giving US-Based Firm Go Ahead (#GotBitcoin?)

Facebook Offers Money To Reel In TikTok Creators

How A Facebook Employee Helped Trump Win—But Switched Sides For 2020

Facebook Rebuffs Barr, Moves Ahead on Messaging Encryption

Facebook Ad Rates Fall As Coronavirus Undermines Ad Spending

Facebook Labels Trump Posts On Grounds That He’s Inciting Violence

Crypto Prediction Markets Face Competition From Facebook ‘Forecasts’ (#GotBitcoin?)

Coronavirus Is The Pin That Burst Facebook And Google Online Ads Business Bubble

OpenLibra Plans To Launch Permissionless Fork Of Facebook’s Stablecoin (#GotBitcoin?)

Facebook Warns Investors That Libra Stablecoin May Never Launch (#GotBitcoin?)

FTC Approves Roughly $5 Billion Facebook Settlement (#GotBitcoin?)

How Facebook Coin’s Big Corporate Backers Will Profit From Crypto

Facebook’s Libra Is Bad For African Americans (#GotBitcoin?)

A Monumental Fight Over Facebook’s Cryptocurrency Is Coming (#GotBitcoin?)

Alert! 540 Million Facebook Users’ Data Exposed On Amazon Servers (#GotBitcoin?)

Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users (#GotBitcoin?)

Facebook Says Millions of Users’ Passwords Were Improperly Stored in Internal Systems (#GotBitcoin?)

Advertisers Allege Facebook Failed to Disclose Key Metric Error For More Than A Year (#GotBitcoin?)

Ad Agency CEO Calls On Marketers To Take Collective Stand Against Facebook (#GotBitcoin?)

Thieves Can Now Nab Your Data In A Few Minutes For A Few Bucks (#GotBitcoin?)

New Crypto Mining Malware Beapy Uses Leaked NSA Hacking Tools: Symantec Research (#GotBitcoin?)

Equifax, FICO Team Up To Sell Your Financial Data To Banks (#GotBitcoin?)

Cyber-Security Alert!: FEMA Leaked Data Of 2.3 Million Disaster Survivors (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Lithuanian Man Pleads Guilty In $100 Million Fraud Against Google, Facebook (#GotBitcoin?)

Hack Alert! Buca Di Beppo, Owned By Earl Enterprises Suffers Data Breach Of 2M Cards (#GotBitcoin?)

SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)

Maxine Waters (D., Calif.) Rises As Banking Industry’s Overseer (#GotBitcoin?)

FICO Plans Big Shift In Credit-Score Calculations, Potentially Boosting Millions of Borrowers (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.

Go back

Leave a Reply