Sen. Warner Inquires About the Alleged Universal Health Services Ransomware Attack

Universal Health Services has affirmed that its 250 hospitals in the USA are operational and hoping to catch a person thought to be behind the ransomware attack that shut down its systems for three weeks. The attack commenced on or around September 27, 2020. By October 12, UHS has restored online access to all its systems. An announcement published on its web page stated the resumption of normal operations in the hospitals following the conclusion of the back-loading of data files.

During the time the systems were non-functional, doctors were compelled to utilize pen and paper so as to carry on giving health care for patients and, in a number of places, patients were redirected to other facilities to get treatment.

The health system said that a malware attack prompted the data breach and the de-activation of its network; nonetheless, a few insiders used Reddit to express their worries and stated that the incident was a ransomware attack. According to the details disclosed by those insiders, the incident seemed to have involved Ryuk ransomware. The Ryuk ransomware operator is recognized to exfiltrate information before ransomware deployment; then again, UHS reported that there is no proof discovered to suggest that the attackers viewed, duplicated, or misused employee or patient information.

Sen. Mark Warner, D-VA wrote to the UHS Chairman and CEO Alan Miller to obtain replies to a number of questions concerning the attack and the defense measures that were used to avert and limit the extent of a cybersecurity attack. In his correspondence, Sen. Warner mentioned his serious issues with regards to the security of the United Health Services’ electronic health data and shutdown of clinical healthcare functions anytime there’s a ransomware attack.

UHS, as one of the biggest hospital systems throughout the United States, gives patient care to over 3.5 million persons every year in all its 250 hospitals. Thinking about all the means of a Fortune 500 firm that has above $11 billion in yearly earnings, it is envisioned that the UHS’s cybersecurity infrastructure is effective enough to stop major disturbances to medical care procedures.

Sen. Warner asked whether or not UHS had segmented its system to avoid the extensive move of cybercriminals to ensure that a breach will not impact all services. Sen. Warner likewise inquired if clinical medical equipment was taken away from admin systems and networks to be sure that those gadgets are not interfered with in case of a cyberattack.

In light of the information created by the UHS insiders, Sen. Warner inquired whether there was any ransom transaction done by UHS to restore files, whether any patient data files became unavailable due to the attack, and if the attackers exfiltrated any healthcare information from UHS run facilities.

Sen. Warner wants information on those and other queries regarding the UHS cybersecurity strategies within just two weeks.

About Christine Garcia 1191 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA