Breaking: Universal Healthcare Services, inc. Suffers Suspected Ransomware Attack Nationwide

Multiple employees discussed the attack on popular subreddit r/hackers

Last Updated on

Universal Health Services, inc. (UHS) one of America’s leading healthcare providers has been the victim of a cyber attack. BleedingComputer has reported that the company was forced to shut down all of its systems at facilities around the country on Sunday morning.

While UHS is yet to publicly comment, BleedingCompter says the reports by employees about the breach point towards a ransomware attack. 

According to sources, affected hospitals are redirecting ambulances and relocating patients in need of surgery to other nearby hospitals. One Reddit user posted to the r/hacker subreddit stating that “UHS hospitals nationwide in the US currently have no access to phones, computer systems, internet, or the data center.” 

They added: “One of the busiest hospitals in the region is currently sending away all ambulances to different smaller hospitals because of this, and they themselves are losing patients while they are waiting for lab results to be delivered by courier.”

Another person, four hours ago, wrote, “[UHS] won’t even let us turn the computers on for going on over 24 hours.”

Another Reddit user, who has worked at UHS for seven years, replied to the thread with more details of the issue. “When the attack happened, multiple antivirus programs were disabled by the attack and hard drives just lit up with activity,” they wrote. “After 1 min or so of this the computers logged out and shut down. When you try to power back on the computers they automatically just shutdown.”

There is significant evidence that this is a ransomware attack by Ryuk ransomware. BleedingComputer heard from an employee who said that files were being renamed to include the .ryk extension during the attack (this extension is used by the Ryuk ransomware). A second employee said that “one of the impacted computers’ screens changed to display a ransom note reading “Shadow of the Universe,’” which BleedingComputer said is a similar phrase to that appearing at the bottom of Ryuk ransom notes.

UHS has 400 hospitals and healthcare facilities in the U.S. and the U.K. and serves around 3.5 million patients each year and it is unclear yet how widespread the attack was and what damage has been done. However, one person posted to Reddit reporting four deaths in the wake of the attack but its not clear if they were directly related to the attack.

Monday morning, after reports of the attack had already been circulating, UHS issued a statement confirming there had been an “IT security issue.” While UHS didn’t acknowledge the claims that four people had died, they did say that no employee or patient data had been accessed, copied or misused.

“We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible,” it said. “In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.”

Updated September 29 10:02 BST to include UHS statement