Universal Health Services, one of the largest US for-profit hospital operators, was hit by a massive cyberattack over the weekend, reportedly forcing staff at some of its facilities to record patient data with “pen and paper.”
The attack “looks and smells like ransomware,” NBC reported, citing an unidentified person familiar with the incident. Ransomware attacks spread viruses across computer systems and encrypt files, then demand payment for data to be made available again.
The incident was billed as one of the largest medical cyberattacks in US history. It caused Universal’s computer systems to begin failing over the weekend.
IT systems at Universal’s facilities, which span more than 400 locations across the US and the UK, are currently offline, the company said. Universal didn’t specifically confirm that the breakdown stemmed from a cyberattack, citing only an “IT security issue.” It said it’s “working diligently” with its IT security partners to restore system operations as quickly as possible.
“In the meantime, our facilities are using their established back-up processes, including offline documentation methods,” Universal said. Patient care is still being delivered safely and effectively, the firm added, and no patient or employee data appears to have been accessed, copied or misused.
King of Prussia, Pennsylvania-based Universal operates behavioral health hospitals, acute-care hospitals, emergency care outlets and surgery centers. It also manages 11 physician networks.
Ransomware attacks can be devastating to health care providers and cause treatment delays because hospitals typically access patient data online. NBC cited a Universal nurse in Arizona as saying patient data had been backed up as of the end of Sept. 26, but hand-labeling each medication has made things more difficult. The global WannaCry ransomware attack in 2017 forced the UK’s government-run National Health Service (NHS) to cancel about 19,000 patient appointments.
Like this story? Share it with a friend!
