Hospital server broken by ransomware

Ransomware attack shuts down string of UHS hospital systems

A group of hospitals controlled by Universal Health Services, based in Pennsylvania, confirmed that its facilities had been compromised by a cyber attack at the end of September 2020.

Computer systems began to fail in the affected hospitals, forcing staff to return to documenting patient information on paper and causing many disruptions.

“We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.”

UHS Spokesperson

Although UHS has not released specific details on the origin and nature of the attack, many rumours and speculations have been circulating on the internet.

Several sources suggest the cyber-attack involved the Ryuk ransomware, a type of crypto-ransomware that uses encryption to block access to a system, device, or file until a ransom is paid.

The statement delivered by UHS does not confirm this; however, “restoring IT operations from backups” certainly indicates this type of attack.

This seems to be a common theme of late, with cyber threat intelligence analysts saying they “have observed phishing-related attacks tied to Ryuk ransomware in recent weeks.”

As we have discussed many times in our past blog posts, this is an awful situation for any healthcare facility to be in, especially in the midst of a global pandemic. Even with medical aid, coronavirus fatalities are becoming more and more common, and if patients are unable to be treated due to system downtime then deaths will increase exponentially. This is a worst-case scenario not just for specific hospitals: a widespread ransomware attack could potentially be catastrophic for an entire country, which is what many experts fear.

“Ransomware, in all its pervasive forms, is associated with the majority of healthcare cyber incidents, and it is often a simple result of inadequate security training,”

Mike Puglia – Chief Strategy Officer, Kaseya

“Because of that inadequate security training, employees are using and reusing weak or already compromised passwords, clicking links they shouldn’t be, leaving databases unsecured, not applying security patches, or storing protected health information on USB drives and losing them. Of those mistakes, weak passwords, phishing attacks and a lack of security patching are most often the root cause of most, if not all, of the ransomware attacks we read about, … Employees are the first line of defence.”

The most effective way to decrease the chance of organisations being held hostage by these criminals is security awareness training. A large majority of ransomware incidents such as these originate from phishing emails. Untrained employees click links and download attachments, having no idea of the danger they place themselves and their organisations in.

Could your employees detect and mitigate a threat such as this effectively before it became an issue? Find out now in our Free Click-Prone® Test.
