- Universal Health Services, a hospital chain with over 250 locations in the US, was hit with a cyberattack that has caused its computer and phone systems to fail.
- The attack, first reported by Bleeping Computer, bears the signs of a ransomware attack in which hackers hijack an organization's systems and refuse to turn them over unless the victim pays a hefty ransom.
- UHS, one of the nation's largest hospital chains, reportedly had to cancel surgeries and reroute ambulances as it scrambled to address the cyberattack.
- As of Tuesday afternoon, UHS' systems were still down and employees were relying on pen and paper to conduct business, an employee told Business Insider.
An unprecedented cyberattack against one of the largest hospital chains in the US has compromised the computer and phone systems at hundreds of
Universal Health Services, which operates more than 250 hospitals across North America, started experiencing outages Sunday night that logged all staff out of computer systems and blocked them from logging back in, Bleeping Computer first reported.
Those outages have continued for days, forcing hospitals across the US to postpone surgeries and divert ambulances. Staff were instructed to conduct all business using pen and paper — a protocol that was still in place as of Tuesday afternoon, according to one UHS employee based in Arizona.
"It's been three days and we still don't know what's going on," said the UHS employee, who spoke to Business Insider on the condition of anonymity because they were not authorized to speak publicly. "We were told not to turn on our computers or even look at them, so we don't have access to any patient records right now."
UHS president Mark Miller told the Wall Street Journal Monday evening that UHS shut down its own systems after a hack was detected in order to prevent further damage, causing some operations to be delayed.
While some hospital functions were disrupted, no patients were harmed by the outage, Miller added.
UHS said in a statement Monday that its systems were affected by an "IT security issue" and that no patient data has been compromised. The company followed up with another statement Tuesday morning saying it was working to restore its systems but that some "clinical and financial" operations were still disrupted. When reached for comment, UHS spokesperson directed Business Insider to the company's online statements and added that none of UHS' overseas hospitals have been affected.
The attack appears to bear signature traits of a ransomware attack, according to Bleeping Computer. Ransomware attackers use malicious code to compromise an organization's computer systems and then demand that victims pay up in order to regain access.
The Arizona UHS employee told Business Insider that, as of Tuesday afternoon, employees haven't received any communication beyond the information posted to UHS' website. Because they have been locked out of their email accounts, employees are relying on a separate app called ShiftHound to coordinate shifts.
"There's just been absolutely no communication about what's going on. It makes me wonder what our protocol is for a situation like this," the employee said.
Ransomware attacks have become increasingly frequent in recent years, and hospitals are a prime target. Attacks against hospitals have increased amid COVID-19, according to a report from Microsoft, as hospitals turn to new, unfamiliar telemedicine platforms and are increasingly cash-strapped during the pandemic.
Hackers see hospitals as valuable targets because their systems are crucial to patients' wellbeing, making them more likely to pay a ransom. In addition, patients' health data is seen as valuable, according to Torsten George, an analyst at
"The UHS incident is the latest in a string of healthcare-focused ransomware attacks," George told Business Insider. "Hospital systems are mission critical, and with many lives at stake, healthcare organizations become more likely to pay a ransom to swiftly get back up and running."
According to cybersecurity experts and law enforcement agencies — including the FBI — targets should avoid paying ransom at all costs in order to put hackers out of business.