Universal Health Services, one of the largest healthcare providers in the U.S., has been hit by a ransomware attack.
The attack hit UHS systems early on Sunday morning, according to two people with direct knowledge of the incident, locking computers and phone systems at several UHS facilities across the country, including in California and Florida.
One of the people said the computer screens changed with text that referenced the “shadow universe,” consistent with the Ryuk ransomware. “Everyone was told to turn off all the computers and not to turn them on again,” the person said. “We were told it will be days before the computers are up again.”
It’s not immediately known what impact the ransomware attack is having on patient care.
An executive who oversees cybersecurity at another U.S. hospital system, who asked not to be named as they were not authorized to speak to the press, told TechCrunch that patient medical data is “likely safe” as UHS relies on Cerner, a healthcare technology company, to handle its patients’ electronic health records.
UHS has 400 hospitals and healthcare facilities in the U.S. and the U.K., and serves millions of patients each year.
A spokesperson for UHS did not immediately respond to a request for comment.
The Ryuk ransomware is linked to a Russian cybercrime group, known as Wizard Spider, according to security firm Crowdstrike. Ryuk’s operators are known to go “big game hunting” and have previously targeted large organizations, including shipping giant Pitney Bowes and the U.S. Coast Guard.
Some ransomware operators said earlier this year that they would not attack health organizations and hospitals during the COVID-19 pandemic, but Ryuk’s operators did not.
Last week, police in Germany launched a homicide investigation after a woman died after she was redirected to another hospital following a ransomware attack.
We’ll have more on the UHS incident as we get it.
Send tips securely over Signal and WhatsApp to +1 646-755-8849 or send an encrypted email to: [email protected]