An Overview of the 2020 UHS Ransomware Attack

This past weekend, the Fortune 500 hospital and healthcare services provider Universal Health Services (UHS) fell victim to an immobilizing ransomware attack.

This is just another exploit on the growing list of ransomware attacks in 2020. Not only are the sheer number of exploits rising, but the severity of impact is climbing as well— with this year being the first time a ransomware attack has been connected to a death, according to NBC News.

In order to understand this increasing cyber threat landscape, it’s important to stay informed on the latest attacks. 

Here’s a summary of happened to UHS and some tips for safeguarding against these types of malicious system compromises:

What Happened?

During the weekend of September 26-27, a number of the hospital and healthcare companies using Universal Health Services (UHS) software started experiencing issues with their computers. Two UHS nurses in separate states told NBC that their facility’s necessary work devices began shutting down, forcing staff to document patient interactions by pen and paper.

With medication systems and crucial medical reports offline and other important treatment data inaccessible, healthcare systems across UHS’s 400+ facility network were backed into a precarious corner on Sunday. 

Come Tuesday, Universal Health Services made a formal statement, confirming that their systems were still offline “as the company works through a security incident caused by malware.”

The company confirmed that the weekend cyber attack caused a shutdown of all networks across their United States enterprise. UHS has made no promises on a resolution timeline, but three days post-attack, they announced, “certain applications have already started coming online again, with others projected to be restored on a rolling basis across the U.S.”

The Implications of the Attack

While Universal Health Services incrementally works to restore downed systems, many hospital and healthcare facilities are continuing to operate with limitations. In critical cases, some facilities may be forced to re-route patients to other treatment centers, which may prompt an increased possibility of complications or even death.

"Patient safety and cybersecurity are directly related," a doctor told Healthcare IT News. "If computer systems are the sole means for running critical systems— such as lab results, PACS, etc.— then when they go down, these essential units are unable to function. Patients will need to be turned away."

Beyond the day-by-day restrictions on operations, others are concerned about the privacy of patient data. In UHS’s Tuesday statement, the corporation defended that, “We have no indication at this time that any patient or employee data has been accessed, copied or misused,” but that’s not to say it could still be compromised in days to come or that new details of a leak may arise. Only time will reveal the full effects of the attack.

The Growing Threat of Ransomware

Twenty twenty brought with it a consistent strike of ransomware attacks. With more corporations allowing their teams to work from home due to COVID-19 and times of financial uncertainty, bad actors are capitalizing on vulnerabilities like never before.

After watching large corporations like Garmin and Universal Health Services fall for highly-devised social engineering schemes, there’s an increasing need for cybersecurity education.

Looking for ways to elevate your team’s security posture? Start with your employees, who are often hacker’s prime targets. Here are some excellent ways to keep your remote users savvy as well as a few ways hackers are modifying their schemes in light of COVID to begin making actionable moves towards heightening your defenses. 

5 ½ Steps to Better Cybersecurity

Forget the long, overwhelming security checklists. In our free ebook, we highlight just five steps to dramatically elevate your security posture, today. Download our guide to receive expert advice from Kevin Mitnick and the Global Ghost team.

New call-to-action

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

PCI Testing: Everything You Need To Know

Penetration testing is crucial for businesses to help ensure that their security posture will stand against threat actors. For businesses that handle ..

Read more ›

The 4 Phases of Penetration Testing

So, you’ve done your research on penetration testing and are ready for the pentest engagement. But before you choose just any pentesting vendor, it’s ..

Read more ›

What is Web Application Penetration Testing?

Is your company in the process of developing a new application? There are a lot of moving parts involved in developing and deploying cutting-edge appl..

Read more ›