Universal Health Services Hit With Massive Ransomware Attack
UHS has confirmed that the “IT Network across Universal Health Services (UHS) facilities is currently offline due to an on-going IT security issue.”
Universal Health Services, a Fortune 500 hospital and healthcare services provider, has reportedly shut down all systems at healthcare facilities across the US after a cyber-attack hit its network early Sunday morning. UHS provides healthcare services to approximately 3.5 million patients each year.
According to employees, the ransomware attack took place between Saturday and Sunday, around 2 a.m. Central time. Employees said computers rebooted and then showed a ransom note on the screen around that time. IT staff immediately shut computers down and asked personnel to keep systems offline.
Ransomware is not new, and attacks against the healthcare industry have continued to rise in 2020. Healthcare organizations are among the top 5 industries targeted by cybercriminals, since PHI (Patient Health Information) is worth more on the black market. UHS employees have been posting claims about how this incident was caused on the social networking website Reddit. One thread stated that the incident was caused by a ransomware strain named Ryuk but could not provide evidence to support the claim.
Ryuk is a type of crypto-ransomware that uses encryption to block access to a system, device or file until a ransom is paid. Ryuk is often dropped on a system by other malware, most notably Trickbot. Ryuk is difficult to detect because it is often delivered by other malware onto systems that are already infected.
Ryuk ransomware is linked to a Russian cybercrime group known as Wizard Spider, according to security firm CrowdStrike. Ryuk’s operations are known to go “big game hunting” and have previously targeted large organizations, including the US Coast Guard.
Instituting behavioral monitoring tools like Endpoint Detection and Response, along with a vulnerability management program, is a step towards being more cyber secure. To learn more about why you need more than antivirus to protect your networks, watch our on-demand webinar. Or, if you’re ready to reduce your risk, schedule a 15-minute consultation with one of our healthcare experts.
Jerome Smith
Jerome Smith is the Director of Cybersecurity Engineering, with over 17 years’ experience in enterprise Information Technology Engineering and Cybersecurity, and a dedicated advocate for the effective and secure use of technology in business. He is responsible for cybersecurity engineering for Corsica Technologies, including cybersecurity offering implementation, integration, and development. Certifications: VMware VCP-DV and VCP-NV, Nutanix NPP, Cisco CMNA, Fortinet NSE 3. Accolades: VMware vExpert Award 2015-2018.