UHS was among the first hit with the coordinated ransomware wave that targeted the healthcare sector last year. On September 29 last year, Universal Health Services announced in a press release that due to an IT security incident that took place two days earlier, it had to suspend user access to its IT applications related to operations located in the United States.
In the early hours of September 27, UHS clinicians and staff members took to Reddit to determine if other UHS employees across the country were experiencing similar computer and phone outages.
The thread detailed internet and data center outages, with one employee attributing the incident to a ransomware attack after seeing ransom messages from the Ryuk hacking group displayed on some computer screens.
Upon discovery, the IT team took all systems offline to prevent further propagation. The following day, UHS officials confirmed the event as an IT disruption, before reporting as a malware infection several days later.
The disruption caused by the ransomware attack was immense, considering UHS is among the largest providers of hospital and healthcare services in the US, featuring among Fortune 500 companies in 2019 with annual revenue of $11.4 billion and also ranking #330 in Forbes list of U.S.' Largest Public Companies.
The company employs around 90,000 people across 26 acute care hospitals, 330 behavioral health facilities, 41 outpatient facilities, and a number of ambulatory care access points and a network of physicians. Aside from the US, Universal Health Services also operates in Puerto Rico and the United Kingdom.
UHS said that it immediately implemented extensive IT security protocols and was working with security partners to restore the affected IT services as soon as possible. The incident caused temporary disruption to some clinical and financial operations, forcing acute care and behavioural health facilities to rely on offline documentation efforts to deliver round-the-clock patient care.