What We Know So Far About the Universal Health Systems Ransomware Attack

The company said the ransomware attack has forced its facilities to revert to using offline processes and documentation methods.

What We Know So Far About the Universal Health Systems Ransomware Attack

UPDATE OCTOBER 2, 2020: Universal Health Services (UHS) said on Thursday that all 250 of it’s U.S. facilities’ computer networks were affected Sunday’s malware attack.

The UHS IT Network is in the process of being restored and applications are being reconnected. We have a large number of corporate-level administrative systems, and the recovery process is either complete or well underway in a prioritized manner. We are making steady progress and are confident that we will be able to get hospital networks restored and reconnected soon. Our major information systems such as the electronic medical record (EMR) were not directly impacted; we are focused on restoring connections to these systems. In the meantime, our facilities are using their established back-up processes including offline documentation methods.

All patient safety protocols remain in effect and patient care continues to be delivered safely and effectively at our facilities across the country. As we conduct our IT remediation work, we continue to have no indication that any patient or employee data has been accessed, copied or misused. As previously stated, the company’s UK operations were not impacted.


The computer networks of a major hospital chain in the U.S. and Britain have been hit by a massive cyberattack that may be the largest such attack on a medical institution in U.S. history.

According to NBC News, Universal Health Systems, an operator of more than 400 locations, was knocked offline over the weekend due to what the hospital system calls a “security issue.”

The hospital acknowledged the security issue in a statement and said it is working with IT security professionals to restore operations as quickly as possible.

No patient or employee data appears to have been compromised, the healthcare system said.

The company said its facilities reverted to using offline processes and documentation methods. According to NBC News, some of that included filing patient information with pen and paper.

Universal Health Services’ statement didn’t include information about the nature of the attack, but NBC News’ report suggests it was ransomware.

One person familiar with the company’s response efforts who was not authorized to speak to the press said that the attack “looks and smells like ransomware.”

Two Universal Health Services nurses, who requested to not be named because they weren’t authorized by the company to speak with the media, said that the attack began over the weekend and had left medical staff to work with pen and paper.

One of the nurses, who works in a facility in North Dakota, said that computers slowed and then eventually simply would not turn on in the early hours of Sunday morning. “As of this a.m., all the computers are down completely,” the nurse said.

Another registered nurse at a facility in Arizona who worked this weekend said “the computer just started shutting down on its own.”

“Our medication system is all online, so that’s been difficult,” the Arizona nurse said.

According to cybersecurity experts, cyberattacks of all kinds have been increasing for the better part of a year, and hospitals – once nontargets for cybercriminals – are now responding to these attacks.

A patient at a German hospital died earlier this month because the hospital they were brought to was knocked offline due to ransomware. On the way to a hospital 20 miles away, the patient died.

This article originally appeared in CS sister publication MyTechDecision.com. Zachary Comeau is TD’s web editor. 

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety HQ