UHS hospital network hit by ransomware attack

UHS operates more than 400 hospitals across the US and UK. Some US hospitals have been down since Sunday.
Written by Catalin Cimpanu, Contributor

Universal Health Services (UHS), a Fortune 500 company and one of the largest healthcare providers in the US, has been impacted by a ransomware attack over the weekend.

UHS hospitals have been operating without internal IT systems since Sunday morning, according to employees and patients who took to social media today.

Some patients have been turned away and emergencies have been redirected to other hospitals after UHS facilities were unable to carry out lab work.

According to UHS employees, the ransomware attack took place on the night between Saturday and Sunday, September 26 to 27, at around 2:00 am CT.

Employees said computers rebooted and then showed a ransom note on the screen. Computers were then shut down, and IT staff asked hospital personnel to keep systems offline.

ZDNet has confirmed IT issues with UHS hospitals and care centers in North Carolina and Texas.

Similar IT issues were also reported in Arizona, Florida, and California, according to a Reddit thread started today.

The Reddit thread also contains first-hand accounts from multiple users claiming to be UHS employees.

"I work at a UHS facility in Tucson and our [EXPLETIVE] is definitely down. They won't even let us turn the computers on for going on over 24 hours. We're a psych hospital so no one is dying from not getting their lab results back in time," wrote a user named chickenismurder.

"I work at an inpatient psych site in Philly PA. The nurses told me they asked the patients what they take for morning meds and then didn't even distribute evening meds bc they have no record of their medications. I had to hand write all my notes from photocopies of the note format and look through the charts for each treatment goal. It was a nightmare," wrote another user named rebeIduckling.

On its website, UHS claims to manage more than 400 hospitals and care centers in the US and UK. The true extent of the attack remains to be determined.

Despite early reports today that UHS' entire network was impacted, several hospitals denied having issues in phone calls with ZDNet today.

While UHS hospitals were willing to confirm IT issues to ZDNet today, a UHS spokesperson from its corporate offices did not return a request for comment. The company did, however, issue a formal statement admitting to the incident after this article's publication.

Employees from the same Reddit thread have told ZDNet the incident was caused by a ransomware strain named Ryuk, but could not provide any evidence to support their claims except what they heard from fellow workers. Ryuk is a ransomware operation that has been recently quiet for months, but has returned to normal operations last week.

Article updated at 12:20am ET with link to UHS official statement.

Editorial standards