Universal Health Services has reported that its 250 hospitals within the United States are in business and trying to get an alleged person to be behind the attack that impacted its systems for 3 weeks. The attack began some time on September 27, 2020. On October 12, UHS has all its systems back online. A notice put up on its website stated the continuation of normal operations in the hospitals after the completion of the back-loading of information.
When systems were not available, physicians had to use pen and paper to be able to keep on offering treatment for patients and, in certain areas, patients had to be taken to substitute facilities to get treatment.
The health system revealed that a malware attack caused the security breach and the power down of its network; nevertheless, a number of insiders went to Reddit to speak up their concerns and said that this was a ransomware attack. Based on the information shared by those insiders, the attack looked like it involved Ryuk ransomware. The Ryuk ransomware gang are well-known to exfiltrate data files prior to deploying the ransomware; but, UHS said that there is no evidence found to show that the attackers accessed, copied or misused employee or patient data.
Sen. Mark Warner, D-VA sent a letter to the UHS Chairman and CEO Alan Miller to obtain responses to some questions regarding the attack and the security measures that were integrated to avoid and reduce the severity of a ransomware or malware attack. In his letter, Sen. Warner mentioned his major concerns regarding the security of the United Health Services’ digital medical data and breakdown of clinical healthcare functions whenever there is a cyber attack.
UHS, as one of the largest hospital operators in the United States, provides patient care to more than 3.5 million individuals each year throughout its 250 hospitals. Considering all the resources of a Fortune 500 organization that gets more than $11 billion in annual income, it is expected that the UHS’s cybersecurity posture is powerful enough to hinder major disruptions to health care treatments.
Sen. Warner asked if UHS had segmented its system to avert the horizontal movement of attackers so that a breach won’t spread to affect all facilities. Sen. Warner additionally inquired whether clinical medical equipment was separated from management systems and networks to make certain that those gadgets won’t be disrupted in the event of a cyberattack.
In light of the posts made by the UHS insiders, Sen. Warner questioned if there was any ransom payment made by UHS to decrypt files, whether any patient information became inaccessible because of the attack, and if the hackers downloaded any medical information from UHS managed facilities.
Sen. Warner is looking for answers to those and other issues concerning the UHS cybersecurity procedures in the next 2 weeks.