What you need to know about the forces reshaping our industry.


September 29, 2020

Universal Health Services has been hit with an apparent major cyberattack

Daily Briefing

    Universal Health Services (UHS), which operates more than 250 U.S. hospitals and other clinical facilities, has been hit with an apparent ransomware attack that has reportedly locked staff out of computers and impacted other digital devices.

    5 steps to advance your organization’s cyber risk posture

    Details on the attack

    In a statement, UHS said, "The IT Network across [UHS] facilities is currently offline, due to an IT security issue." It added that no data belonging to patients or employees "appears to have been accessed, copied, or misused."

    UHS has not shared the number of facilities impacted or the type of security threat it has experienced. However, NBC News—which described the incident as seemingly "one of the largest medical cyberattacks in United States history"—reports that a person familiar with UHS' response said the attack "looks and smells like ransomware."

    One clinician at a UHS facility in Washington D.C. told the AP that computers and phones were down, and that staff were unable to access lab results, imaging scans, medication lists, and more. As a result, the clinician said, staff had started keeping records on paper and diverting incoming ambulances to other hospitals.

    "These things could be life or death," according to the clinician, who—like other UHS workers cited in AP's coverage of the incident—spoke on condition of anonymity because they were not authorized to speak to the press.

    Meanwhile, in Texas, a UHS worker told the AP they had "no access to any patient files, history, nothing. Doctors aren't able to access any type of X-rays, CT scans." The worker added that ED wait times had increased from 45 minutes to six hours.

    The Texas worker added that, on Monday, many devices connected to Wi-Fi stopped working, including telemetry monitors that monitor patients' heart rates, blood pressure, and oxygen levels. The monitors were restored with ethernet cabling, the AP reports.

    An RN at a UHS facility in Arizona told the AP that, over the weekend, "the computer just started shutting down on its own," adding that the hospital's "medication system is all online, so that's been difficult." The nurse said providers and staff are hand-labelling every medication.

    UHS' response

    In its statement, UHS said, "We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible."

    It added, "In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively."

    UHS added that none of its hospitals in the United Kingdom were affected by the attack.

    John Riggi, senior cybersecurity adviser to the American Hospital Association, said the attack on UHS was a "suspected ransomware attack."

    "We are most concerned with ransomware attacks which have the potential to disrupt patient care operations and risk patient safety," Riggi said. "We believe any cyberattack against any hospital or health system is a threat-to-life crime and should be responded to and pursued as such by the government."

    Ransomware attacks are a growing concern in the United States, the AP reports. Data from the cybersecurity firm Emsisoft shows 764 U.S. health care providers experienced a ransomware attack last year (Bajak/Alonso-Zaldivar, Associated Press, 9/29; Snider, USA Today, 9/28; Brown, CNET, 9/28; Landi, FierceHealthcare, 9/28; Collier, NBC News, 9/28).

    Have a Question?


    Ask our experts a question on any topic in health care by visiting our member portal, AskAdvisory.