Suspected ransomware attack disrupts hospital chain

A suspected ransomware attack disrupted patient care at a large chain of hospitals and clinics operating in the United States and Britain, the latest in a series of cyberattacks on the health care system in recent months.

Universal Health Services said in a statement it suffered “an information technology security incident” on Sunday which “may result in temporary disruptions to certain aspects of our clinical and financial operations.”

UHS, which operates 26 acute care hospitals and other health facilities in the US and Britain, said acute care and behavioral health operations were “utilizing their established back-up processes including offline documentation methods.”

The cybersecurity blog BleepingComputer said the attack appeared to be using Ryuk, malware linked to North Korean hackers which encrypts computer systems until a ransom is paid.

One UHS employee told BleepingComputer that files were being renamed to include the .ryk extension used by Ryuk.

Employees discussing the attack on online message boards said ambulances and patients were being redirected from UHS hospitals to other facilities.

The incident marked the latest in a string of cyberattacks on health care facilities in recent months, with hackers preying on outdated computer systems and the belief that hospitals would be likely to pay a ransom to avoid endangering patients during the coronavirus pandemic.

Security researchers have said several other hospital systems have been hit by ransomware in recent weeks with possibly fatal consequences.

“More and more groups have started to steal data and using the threat of releasing it as additional leverage to extort payment,” the security firm Emsisoft said in a recent blog post.

“Cybercriminals are better resourced and more motivated than ever.”

Emsisoft said at least 219 organizations in the US government, education and healthcare sectors, including “multiple hospitals” have fallen victim to ransomware attacks.


Source Article