[BreachExchange] More than 250 hospitals across the US are still offline for a second day running due to cyberattack that caused surgeries to be cancelled and forced staff to rely on pen and paper

Destry Winant destry at riskbasedsecurity.com
Thu Oct 1 10:51:49 EDT 2020


https://www.dailymail.co.uk/news/article-8787363/250-hospitals-debilitated-cyberattack-forced-doctors-cancel-surgeries.html

A computer outage at a major hospital chain has thrust healthcare
facilities across the U.S. into chaos with treatment suspended and
surgeries cancelled as doctors and nurses already burdened by the
coronavirus pandemic have been forced to rely on pen and paper backup
systems.

Hospital chain Universal Health Services told employees on Tuesday
that its network remains offline, two days after the company fell prey
to an apparent ransomware attack.

The company, which operates more than 250 hospitals and other clinical
facilities in the U.S., initially blamed the outage on an unspecified
IT 'security issue' in a statement posted to its website but has since
provided a more comprehensive update in a statement on Tuesday
evening.

Universal Health Services, a major hospital chain operating in the
U.S., has confirmed its computer networks were knocked offline by a
cyberattack.

'The IT Network across Universal Health Services (UHS) facilities is
currently offline, as the company works through a security incident
caused by malware. The cyber attack occurred early Sunday morning, at
which time the company shut down all networks across the U.S.
enterprise. We have no indication at this time that any patient or
employee data has been accessed, copied or misused. The company's UK
operations have not been impacted.


'UHS implements extensive IT security protocols to protect our systems
and data, and we are working diligently with our IT security partners
to restore IT infrastructure and business operations as quickly as
possible. We are making steady progress with recovery efforts. Certain
applications have already started coming online again, with others
projected to be restored on a rolling basis across the U.S.'

The company did not state how many facilities were affected or whether
patients had to be diverted to other hospitals. However, UHS workers at
company facilities in Texas and Washington, D.C. have described mad
scrambles to render care after the outage began overnight Sunday.

The chaos included longer emergency room waits and anxiety over
determining which patients might be infected with the virus that
causes COVID-19.

Employees have described how ambulances have been forced to redirect
to other hospitals while some patients' surgeries have been cancelled.

UHS hospitals in the US including Valley Hospital Las Vegas and those
from California, Florida, Texas, Arizona, and Washington D.C. are left
without access to computer and phone systems.

A text message sent by UHS to its staff said that 'the corporate
network remains offline.' The message provided no timetable for when
computer access would be restored and instructed some UHS employees to
'please continue to work remotely using alternative communication
channels.'

The Fortune 500 company, with 90,000 employees, said 'patient care
continues to be delivered safely and effectively' and no patient or
employee data appeared to have been 'accessed, copied or misused.'

UHS said that while 'this matter may result in temporary disruptions
to certain aspects of our clinical and financial operations,' patient
care 'continues to be delivered safely and effectively.'

'Our facilities are using their established back-up processes
including offline documentation methods.'

The King of Prussia, Pennsylvania, company also has hospitals in the
United Kingdom, but its operations in that country were not affected,
a spokeswoman said Monday night.

John Riggi, senior cybersecurity adviser to the American Hospital
Association, called it a 'suspected ransomware attack,' affirming
reporting on the social media site Reddit by people identifying
themselves as UHS employees.

Workers said that ambulances and patients were being redirected from
UHS hospitals to other facilities.

BleepingComputer, an online cybersecurity news site, spoke to UHS
employees who described ransomware with the characteristics of Ryuk,
which has been widely linked to Russian cybercriminals and used
against large enterprises.

One UHS employee told the site that files were being renamed to
include the .ryk extension used by Ryuk.

Criminals have been increasingly targeting health care institutions
with ransomware during the pandemic, infecting networks with malicious
code that scrambles data. To unlock it, they demand payment.

Increasingly, ransomware purveyors download data from networks before
encrypting targeted servers, using it for extortion.

UHS has provided no details, but experts said the outage had the
hallmarks of ransomware, malicious software that locks users out of
their computers.

Earlier this month, the first known fatality related to ransomware
occurred in Duesseldorf, Germany, after an attack caused IT systems to
fail and a critically ill patient needing urgent admission died after
she had to be taken to another city for treatment.

UHS may not be a household name, but it has U.S. hospitals from
Washington, D.C., to Fremont, California, and Orlando, Florida, to
Anchorage, Alaska. Some of its facilities provide care for people
coping with psychiatric conditions and substance abuse problems.

A clinician involved in direct patient care at a Washington UHS
facility described a high-anxiety scramble to handle the loss of
computers and some phones.

That meant medical staff could not easily see lab results, imaging
scans, medication lists, and other critical pieces of information
doctors rely on to make decisions. Phone problems complicated the
situation, making it harder to communicate with nurses. Lab orders had
to be hand-delivered.

'These things could be life or death,' said the clinician.

A different UHS healthcare worker, at an acute care facility in Texas,
described an even more chaotic scene. Both the Texas and Washington
D.C. workers asked not to be identified by name because they were not
authorized to speak publicly.

'As of right now we have no access to any patient files, history
nothing,' the Texas worker said, with emergency room wait times going
from 45 minutes to six hours. 'Doctors aren't able to access any type
of X-rays, CT scans.'

Nothing that runs on Wi-Fi alone was functioning Monday, the Texas worker said.

Telemetry monitors that show critical care patients' heart rates,
blood pressure and oxygen levels went dark and had to be restored with
ethernet cabling.

There was a lot of concern about how to determine whether or not
patients had been exposed to the coronavirus, the Washington clinician
said, adding that no harm came to any of the 20 or so patients they
attended to. However, anxiety reigned during the entire shift. Handing
off a patient to another department, always a delicate task because of
the potential for miscommunication, became especially nerve-wracking.

'We are most concerned with ransomware attacks which have the
potential to disrupt patient care operations and risk patient safety,'
said Riggi, the cybersecurity adviser to hospitals. 'We believe any
cyberattack against any hospital or health system is a threat-to-life
crime and should be responded to and pursued as such by the
government.'

Ransomware attacks have crippled everything from major cities to
school districts, and federal officials are concerned they could be
used to disrupt the current presidential election.

Last week, a major supplier of software services to state, county and
local governments, Tyler Technologies, was hit.

In the U.S. alone, 764 healthcare providers were victimized last year
by ransomware, according to data compiled by the cybersecurity firm
Emsisoft.

It estimates the overall cost of ransomware attacks in the U.S. at $9
billion a year in terms of recovery and lost productivity. The only
way to effectively recover, for those unwilling to pay ransoms, is
through diligent daily system data backups.

