Massive U.S. Healthcare Company UHS a Victim of Major Cyber Attack

 

Updated 3:20pm [09/28/2020]. This story is developing.

Following on the heels of a story from earlier this month in Germany, where the first known death from a cyber attack occurred, United States-based Fortune 500 healthcare provider Universal Health Services (UHS) appears to be the victim of a major cyber attack. The company is “one of the nation’s largest and most respected providers of hospital and healthcare services, has 400 acute care hospitals, behavioral health facilities and ambulatory centers across the U.S., Puerto Rico and the U.K.”

UHS Facility Locations (source)


UHS put out a statement at 10:45am this morning [09/28/2020] about the incident:

The IT Network across Universal Health Services (UHS) facilities is currently offline, due to an IT security issue.

We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.

No patient or employee data appears to have been accessed, copied or misused.

While this statement is vague on details, multiple sources are now pointing to the cyber attack being a massive infection of the Ryuk ransomware (check out our overview on ransomware here). The attack appears to have started over the weekend, with reports of the impact being felt at UHS locations across the country. Most notably, many locations are unable to use any computer-based processes, including lab testing, patient record retrieval, and even the phones. For much of UHS, this means reverting to paper-based processes which may not have been updated in years, and could impact providers’ ability to provide treatment while already strained under COVID-19.

As a reminder, this is why the “availability” of an IT system is one-third of what we try to protect in the cybersecurity industry. You can read more about this in another ACT post about the difference between IT and cybersecurity. However, certain types of ransomware are also known to exfiltrate data, or steal it, in addition to encrypting the information. This means that even if UHS is able to regain access to its data, hackers may have already stolen the information - potentially impacting millions of patients. While the statement from UHS says this is not the case, it may be too early in the incident to make that call.

It is currently unknown how UHS was infected with the ransomware; however, reports are pointing to the attack starting with a phishing email. In addition, due to the widespread nature of the attack, it’s possible the infection took advantage of the recent Windows vulnerability so severe that an Emergency Directive was put out by the Department of Homeland Security (DHS). The directive required immediate patching for all Windows servers via the Domain Controllers within three days (by September 21, 2020) to stop potential cyber attacks. This was an unprecedented timeline for patching, meaning DHS had insight into the problems the issue could cause.

This story is developing…

Stay ahead of phishing emails with ePHISHiency, our phishing simulation platform, and validate your patches are in place with our vulnerability assessments. Contact Hive Systems today.

 
