Largest Ransomware Attack on Hospital

Yet another healthcare facility has fallen victim to a cyberattack in a year where data breaches and ransomware have run rampant. Universal Health Services (UHS), an organization that provides hospital and healthcare services, experienced computer system failure starting on Sunday morning. The organization has over 400 locations, with the majority of them in the US.

UHS locations in California, Pennsylvania, Florida, and Arizona were affected, with news outlets stating this may be the largest cyberattack in US history. The attack started by shutting down emergency department systems and moved across the network. Antivirus was disabled during the attack and after unknown activity on the hard drives, the computers shut down. As of now, any specific details about the attack are not confirmed, but the damage caused is definite.

How the Attack Occurred

Staff members confirmed that the attack was caused by ransomware, specifically a type of ransomware known as Ryuk. This type is distributed in networks and organizations with the target being healthcare systems. The initial infection of the ransomware occurs during spam or phishing attempts and can infect phones and radiology machines.

CSO for cybersecurity company Ordr, Jeff Horne, said that Ryuk can obtain passwords from a system’s memory and move through open shares to infect documents and compromise accounts. UHS released a statement on their website stating, “The IT Network across Universal Health Services (UHS) facilities is currently offline, as the company works through a security incident caused by malware. We have no indication at this time that any patient or employee data has been accessed, copied or misused.”

Effects on Healthcare and Patients

This, unfortunately, is not the first incident of a large-scale data breach on a healthcare facility. Ransomware and other types of cyberattacks have been on the upswing since June of this year, with hospitals being the main target. The COVID-19 pandemic has led to more patients, meaning more protected health information (PHI) being shared and ready for hackers to grab.

UHS staff resorted to using pen and paper to write down patient treatment but much of the patient information was stored on computer systems. The treatment process is running much slower and in some cases, the hospital is redirecting incoming patients to a new facility. This could result in sick people being without care in a timely manner, leading to a possibility of death.

Secure Your Data, Save Your Patients

With proper backups in place, a ransomware attack does not have to ruin a hospital’s everyday operation. Having encrypted storage offline will ensure a healthcare facility can run smoothly and treat patients even if the main systems were to collapse. The SecureDrive BT is a hardware encrypted external hard drive that is HIPAA compliant.

The drive has secure unlocking via wireless mobile app and a user can even authenticate using fingerprints or facial recognition for security unique to the individual. With features like step-away auto lock and read-only mode, it is ensured that only authorized medical or IT personnel can review the data on the drive. The SecureDrive BT is even remote management ready so admins for the drive can restrict user access to predetermined times and places. This keeps healthcare data within hospital walls.

Request a demo of our products by calling 1-800-875-3230 or see more about the drives on our website.