Suspected Universal Health Services Ransomware Attack: Senator Warner Seeks Answers

Universal Health Services has revealed the every one of its 250 United States based hospitals are 100% back in action following a suspected ransomware attack.

The attack in question took down its systems for a period of three weeks. The attack began some time around September 27, 2020. All systems were back online by October 12. An update was posted on the UHS web portal stating: “With back-loading of data substantially complete at this point, hospitals are resuming normal operations.”

While systems were inactive, medics had to use with pen and paper to continue treating patients and, at some locations, patients had to be moved to alternate facilities to receive treatment.

The health system revealed that it was a malware attack that caused this situation. However some experts are claiming that it was actually a ransomware attack and indications are that the attack involved the use of Ryuk ransomware. The operators of Ryuk ransomware are known to steal data before to the deployment of ransomware; however, UHS is strong in its stance that there is nothing to suggest employee or patient data were accessed, copied, or improperly used.

Sen. Mark Warner, D-VA has contacted UHS Chairman and CEO Alan Miller requesting answers to a number of questions about the attack and the cybersecurity structure that had been put in place to stop and restrict the severity of a ransomware or malware attack. Sen. Warner said he had “grave concerns about United Health Services’ digital medical records and clinical healthcare operations succumbing to an apparent ransomware attack.”

UHS supplies care to over 3.5 million patients annually in its 250 hospitals and is one of the biggest hospital groups in the United States.

Senator Warner said: “With the full resources of a Fortune 500 company receiving over $11 billion in annual revenue, UHS’s patients expect and deserve that their provider’s cybersecurity posture to be sufficiently mature and robust to prevent major interruptions to health care operations.”

He (Sen. Warner) asked if UHS had segmented its network to stop the lateral movement of cybercriminals and prevent an attack from spreading to impact all facilities. Sen. Warner also questioned whether clinical medical devices had been move to a different location that administrative systems and networks to ensure that in the event of a cyberattack those devices would not be interrupted.

Sen. Warner is looking for answers to those and other queries about UHS cybersecurity practices within a period of two weeks.