Cyber attack with ransomware on US hospital operator UHS

The US hospital operator Universal Health Services Inc. (UHS) runs several hundred clinics nationwide. UHS fell victim to a ransomware infection during the night. Here is what is known so far.



Universal Health Services (UHS) is one of America's largest providers of hospital and healthcare services. UHS operates over 400 acute hospitals, behavioral medicine facilities and outpatient centers in the USA, Puerto Rico and Great Britain.

First reports of IT systems failure at UHS

On reddit.com, a user reported a nationwide failure of the IT systems of Universal Health Services Inc. (UHS) during the night from Saturday to Sunday (Sept. 26/27, 2020), writing:

Cyberattack on UHS Hospitals Nationwide Last Night

Sorry everyone don't know if this fits the subreddit, but all UHS hospitals nationwide in the US currently have no access to phones, computer systems, internet, or the data center. Does anyone know what could've possibly caused this? One of the busiest hospitals in the region is currently sending away all ambulances to different smaller hospitals because of this, and they themselves are losing patients while they are waiting for lab results to be delivered by courier. Again not sure if this fits the rules of the subreddit but if anyone knows how this could've happened I'd like to know. 4 people died tonight alone due to the waiting on results from the lab to see what was going on.

What the user observed sounds frightening and strange. Later, more and more details came into that thread: it was a cyber attack on the IT infrastructure of UHS.

Cyber attack with ransomware on UHS

During the cyber attack, the IT of the hospital operator UHS was paralyzed nationwide in the USA. An employee describes it quite vividly in a post on reddit.com:

This is a somewhat accurate report (at least in my location). I have worked at a UHS facility in the SE US for over 7yrs and on Sunday morning at approx 2AM systems in our ED just began shutting down. I was sitting at my computer charting when all of this started. It was surreal and definitely seemed to propagate over the network. All machines in my department are Dell Win10 boxes. When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. After 1min or so of this the computers logged out and shut down. When you try to power back on the computers they automatically just shut down.

I have not yet found any statement from the clinic operator UHS on the Internet. Bleeping Computer reports in this article that it was an attack with the Ryuk ransomware that crippled the IT at UHS. Bleeping Computer refers to a tip from a UHS employee who reports that files were renamed to .ryk during the attack. Another UHS employee informed Bleeping Computer that one of the affected computers displayed a ransom note saying "Shadow of the Universe". This phrase can be found in ransom demands from Ryuk. This ZDNet article contains similar information.

