Ransomware Attack Cost Universal Health Services $67 Million in 2020

2020 was a notably awful year for the healthcare industry in terms of ransomware attacks. Fortune 500 healthcare system Universal Health Services (UHS) based in King of Prussia, PA suffered one of the worst ransomware attacks.

UHS, which manages 400 hospitals and behavioral health centers in the United Kingdom and the United States, encountered a cyberattack last September 2020 that damaged all of its IT solutions, impacting all the hospitals and healthcare centers it manages throughout the nation.

The telephone system was not available including access to computers and electronic health records. Because of this, staff had to use pen and paper to log patient data. In the hours immediately following the attack, the health system redirected ambulances to other facilities, and a few elective operations were either delayed or redirected to competitors. Patients noted getting test results later during the time UHS is recovering from the ransomware attack.

UHS worked quickly to recover its information technology system after the ransomware attack and worked 24 / 7 to get back to regular business operations; nevertheless, the recovery time took about 3 weeks. The interruption obviously had a big effect financially, as the UHS’ 2020 quarter 4 revenue report showed $42.1 million in deficits, which equaled to 49 cents for every diluted share. UHS finished the quarter having $308.7 million in profits, increasing by 6.6% from Q4 of 2019.

Reestablishing its IT infrastructure contributed to a considerable increase in labor expenses, both within and without the company. Cash flows were likewise impacted as selected admin functions like coding and billing were overdue up to December 2020.

UHS has submitted reports of total pre-tax losses amounting to about $67 million in 2020 because of the ransomware attack, mainly because of the reduction of operating revenue, decrease in patient activity, and higher revenue reserves due to delayed billings. UHS is convinced it is eligible to retrieve most of the $67 million in insurance coverage.

About Christine Garcia 1192 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA