Computer systems at Universal Health Services (UHS), which controls behavioral health facilities and around 400 hospitals in the U.S. and the U.K., started to decline over the weekend when they were hit by a huge cyberattack that has broken down all of its IT systems.
The health system did not respond to any requests for comment but issued a statement on Monday stating, “We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively”.
UHS hospitals in the U.S. comprising those from Texas, Arizona, Washington D.C, Florida, and California are reportedly left without computer and phone systems. Impacted hospitals are relocating patients and diverting ambulances to other nearby hospitals, UHS has around 90,000 workers and gives healthcare assistance to almost 3.5 million patients each year.
UHS employees started reporting the issue on Monday via Reddit stating that an attack has been shutting down systems at several hospitals, compelling them to alienate patients. One Reddit user working at a UHS facility in the Southeast said, “multiple antivirus programs were disabled by the attack and hard drives just lit up with activity.”
Based on information which was conveyed, the invasion on UHS’ system was likely due to a phishing attack. A well-known ransomware known as Ryuk appears to be behind this attack. An employee said, “during the cyberattack files were being renamed and the .ryk extension was being included. This extension is used by the Ryuk ransomware, the health system ensured that no patient or worker data seems to have been accessed, misused or copied.