Universal Health Services (UHS), based in King of Prussia, PA, has experienced a major security breach that left its IT systems inaccessible. The health system has at least 400 healthcare facilities around the United Kingdom and the United States.
The Fortune 500 healthcare company has over 90,000 workers and serves close to 3.5 million patients every year. According to a statement posted on its web page, the organization encountered an IT security incident in the early morning hours of September 27, 2020. Upon discovering the breach, UHS suspended user access to its information technology software associated with operations based in the USA.
UHS has implemented its data security and emergency procedures and is working directly with its security partners to mitigate the attack and restore its IT functions as soon as possible. The cyberattack took its IT systems down, leaving affected hospitals unable to access their communication and computer networks. The attack did not affect U.K. establishments.
The attack compelled UHS to reroute ambulances to other healthcare providers, and patients needing surgery were moved to other nearby hospitals. The notification on the UHS site says that although this issue may cause temporary disruptions to selected areas of clinical and financial processes, the acute care and behavioral health sections are using their established back-up systems, which include offline recording options. Patient care continues to be delivered securely and properly.
UHS President Marc Miller stated on Monday that UHS took its IT systems offline on Sunday to contain a malware attack. Around 250 U.S. healthcare facilities use the IT systems, which include health record systems and those used by labs and pharmacies throughout the nation.
Marc Miller did not give any information about the nature of the malware. However, a number of people who say they work for UHS have offered details about the attack that clearly indicate ransomware was involved. A UHS employee approached BleepingComputer and stated that, before the systems were shut down, data files were being renamed with the .ryk extension, which is linked to the Ryuk ransomware.
A number of other workers reported seeing a ransom notice on their computers with the text “Shadow of the Universe,” which is associated with Ryuk ransom notices.
Ryuk ransomware is frequently delivered as a secondary payload of the TrickBot Trojan. TrickBot, in turn, is delivered by the Emotet Trojan, and Emotet attacks typically begin with a phishing email. Vitali Kremez of Advanced Intel mentioned that their Andariel platform discovered several Emotet and TrickBot infections at UHS through 2020, with the most recent discovery in September.
The Ryuk ransomware operators are known to exfiltrate information before deploying the ransomware; nonetheless, UHS states on its webpage that there appears to be no patient or employee data viewed, copied or exposed in the attack.