2020 was a remarkably horrible year for the medical care industry with regards to ransomware attacks. One of the hardest hit by ransomware attacks is the Fortune 500 healthcare system Universal Health Services (UHS) located in King of Prussia, PA.
UHS, which operates 400 hospitals and behavioral health centers throughout the U.K. and the U.S., experienced a cyberattack in September 2020 that ruined all of its IT systems, affecting all the hospitals and medical centers it operates all over the nation.
The telephone system, computers, and electronic health records were not accessible. For this reason, personnel used pen and paper for recording patient information. During the hours right after the ransomware attack, the health system rerouted rescue ambulances to other establishments and delayed or redirected some elective operations to other hospitals. Patients remarked that test results were also delayed while the UHS is working on recovery from the attack.
After the ransomware attack, UHS worked rapidly to bring back its IT system, working around the clock to restore normal business operations; however, it took 3 weeks to attain recovery. The interruption of course had a big impact on finances. The UHS’ revenue report for quarter 4 of 2020
indicated a loss of $42.1 million, which translates to 49 cents per diluted share. UHS ended the quarter with $308.7 million in revenue, rising by 6.6% compared to quarter 4 of 2019.
Restoring its IT infrastructure added a considerable amount to labor expenses, inside and outside the company. The impact on cash flows meant that some admin tasks such as coding and billing had become delinquent until December 2020.
Because of the ransomware attack, UHS sent reports of about $67 million pre-tax losses in 2020, primarily as a result of the decline of operating income, lower patient activity and greater revenue reserves on account of overdue billings. UHS believes that it will be able to get back the majority of the $67 million from its insurance policy coverage.