Cyberattack hobbles major US/UK hospital chain

WASHINGTON — Computer systems across a major hospital chain operating in the U.S. and Britain were down Monday due to what the company termed an unspecified technology “security issue.”

Universal Health Services Inc., which operates more than 400 hospitals and other clinical care facilities, said in a short statement p osted to its website Monday that its network was offline and doctors and nurses were resorting to “back-up processes” including paper records.

The Fortune 500 company, with 90,000 employees said “patient care continues to be delivered safely and effectively” and no patient or employee data appeared to have been “accessed, copied or misused.”

UHS provided no details, but people posting to an online Reddit forum who identified themselves as employees said the chain’s network was hit by ransomware overnight Sunday. The posts echoed the alarm of a clinician at a UHS facility in Washington, D.C., who described to The Associated Press a mad scramble, including anxiety over determining which patients might be infected with the virus that causes COVID-19.

John Riggi, senior cybersecurity adviser to the American Hospital Association, called it a “suspected ransomware attack,” adding that criminals have been increasingly targeting the networks of health care institutions during the coronavirus pandemic.

Ransomware is a growing scourge in which hackers infect networks with malicious code that scrambles data and then demand payment to restore services.

Increasingly, ransomware purveyors are downloading data from networks they infiltrate before encrypting targeted servers, using it for extortion. Earlier this month, the first known fatality related to ransomware occurred in Duesseldorf, Germany, after an attack caused IT systems to fail and a critically ill patient needing urgent admission died after she had to be taken to another city for treatment.

UHS itself may not be a household name, but its hospitals are part of communities