- Universal Health Services, a chain of hospitals with more than 400 sites, was hit by a cyberattack that caused its computer and telephone systems to crash.
- The attack, first reported by Bleeping Computer, bears the signs of a ransomware attack in which hackers hijack an organization’s systems and refuse to hand them over unless the victim pays a large ransom.
- UHS, one of the largest hospital chains in the country, should have canceled surgeries and redirected ambulances as it scrambled to deal with the cyberattack.
- Visit the Business Insider homepage for more stories.
An unprecedented cyberattack on one of the largest hospital chains in the United States compromised the computer and telephone systems of hundreds of hospitals this week.
Universal Health Services, which operates more than 400 hospitals across North America, began experiencing blackouts on Sunday evening that disconnected all staff from computer systems and prevented them from reconnecting, Bleeping Computer reported for the first time. time.
These blackouts have continued for days, forcing hospitals across the United States to postpone surgeries and hijack ambulances. UHS President Mark Miller told the Wall Street Journal on Monday night that the UHS shut down its own systems after a hack was detected in order to avoid further damage, delaying some operations.
While some hospital functions were disrupted, no patients were injured by the outage, Miller added.
UHS did not immediately respond to Business Insider’s questions about the nature of the attack. The company said in a statement posted on its website that its systems were affected by a “computer security problem” but did not confirm the specifics of the attackers’ methods or objectives. No patient data has been compromised, UHS said.
The attack appears to carry the hallmarks of a ransomware attack, according to UHS employees who spoke to Bleeping Computer. Ransomware attackers use malicious code to compromise an organization’s computer systems, then demand that victims pay in order to regain access.
Ransomware attacks have become more frequent in recent years, and hospitals are a prime target. Attacks on hospitals have increased amid COVID-19, according to a report from Microsoft, as hospitals turn to new, unknown telemedicine platforms and are increasingly strapped for cash during the pandemic.
Hackers see hospitals as valuable targets because their systems are critical to the well-being of patients, making them more likely to pay ransom. In addition, patient health data is considered valuable, according to Torsten George, an analyst at cybersecurity firm Centrify.
“The UHS incident is the latest in a series of healthcare-focused ransomware attacks,” George told Business Insider. “Hospital systems are mission critical, and with many lives at stake, healthcare organizations are more likely to pay a ransom to get back on track quickly. ”
According to cybersecurity experts and law enforcement – including the FBI – the targets should avoid paying ransom at all costs to bankrupt hackers.