One of the US’s largest healthcare providers has been hit by what looks like a highly coordinated ransomware attack (via NBC News). Over the weekend, hospitals in the US operated by Universal Health Services started to notice problems with their IT systems, with some employees reporting that they could not access their computers.
In a statement the company shared on Monday morning, UHS said its computer network is down due to an “IT security issue.” The company says it doesn’t appear like employee or patient data was accessed in the incident. UHS cares for approximately 3.5 million patients each year and operates about 400 healthcare facilities across the US and UK.
“We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible,” the statement reads. “Patient care continues to be delivered safely and effectively.”
NBC News reports some UHS hospitals have had to fall back on filing patient information using pen and paper due to the attack. On Reddit and Twitter, there are also reports of UHS facilities redirecting ambulances to other nearby hospitals. “When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity,” says one of those reports.
A UHS employee told Bleeping Computer that they saw files renamed during the attack to include a .ryk extension. That extension is associated with the Ryuk ransomware. Like most other ransomware, Ryuk encrypts files to prevent someone from accessing them until they pay a fee.
If UHS was the victim of a ransomware attack, it wouldn’t be the first time a healthcare provider has been the target of a cyberattack. On September 9th, Düsseldorf University Hospital in Germany sent a patient to a hospital 19 miles away after hackers compromised their IT systems in a ransomware attack. The patient died while doctors tried to transfer her to the other hospital.