BreachExchange mailing list archives
More than 250 hospitals across the US are still offline for a second day running due to cyberattack that caused surgeries to be cancelled and forced staff to rely on pen and paper
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 1 Oct 2020 09:51:49 -0500
https://www.dailymail.co.uk/news/article-8787363/250-hospitals-debilitated-cyberattack-forced-doctors-cancel-surgeries.html

A computer outage at a major hospital chain has thrust healthcare facilities across the U.S. into chaos with treatment suspended and surgeries cancelled as doctors and nurses already burdened by the coronavirus pandemic have been forced to rely on pen and paper backup systems.

Hospital chain Universal Health Services told employees on Tuesday that its network remains offline, two days after the company fell prey to an apparent ransomware attack.

The company, which operates more than 250 hospitals and other clinical facilities in the U.S., initially blamed the outage on an unspecified IT 'security issue' in a statement posted to its website but has since provided a more comprehensive update in a statement on Tuesday evening.

'The IT Network across Universal Health Services (UHS) facilities is currently offline, as the company works through a security incident caused by malware. The cyber attack occurred early Sunday morning, at which time the company shut down all networks across the U.S. enterprise. We have no indication at this time that any patient or employee data has been accessed, copied or misused. The company's UK operations have not been impacted.

'UHS implements extensive IT security protocols to protect our systems and data, and we are working diligently with our IT security partners to restore IT infrastructure and business operations as quickly as possible. We are making steady progress with recovery efforts. Certain applications have already started coming online again, with others projected to be restored on a rolling basis across the U.S.'

The company did not state how many facilities were affected or whether patients had to be diverted to other hospitals. However, UHS workers at company facilities in Texas and Washington, D.C. have described mad scrambles after the outage began overnight Sunday to render care.

The chaos included longer emergency room waits and anxiety over determining which patients might be infected with the virus that causes COVID-19.

Employees have described how ambulances have been forced to redirect to other hospitals while some patients' surgeries have been cancelled.

UHS hospitals in the US, including Valley Hospital Las Vegas and those from California, Florida, Texas, Arizona, and Washington D.C., are left without access to computer and phone systems.

A text message sent by UHS to its staff said that 'the corporate network remains offline.' The message provided no timetable for when computer access would be restored and instructed some UHS employees to 'please continue to work remotely using alternative communication channels.'

The Fortune 500 company, with 90,000 employees, said 'patient care continues to be delivered safely and effectively' and no patient or employee data appeared to have been 'accessed, copied or misused.'

UHS said that while 'this matter may result in temporary disruptions to certain aspects of our clinical and financial operations,' patient care 'continues to be delivered safely and effectively.'

'Our facilities are using their established back-up processes including offline documentation methods.'

The King of Prussia, Pennsylvania, company also has hospitals in the United Kingdom, but its operations in that country were not affected, a spokeswoman said Monday night.
John Riggi, senior cybersecurity adviser to the American Hospital Association, called it a 'suspected ransomware attack,' affirming reporting on the social media site Reddit by people identifying themselves as UHS employees. Workers said that ambulances and patients were being redirected from UHS hospitals to other facilities.

BleepingComputer, an online cybersecurity news site, spoke to UHS employees who described ransomware with the characteristics of Ryuk, which has been widely linked to Russian cybercriminals and used against large enterprises. One UHS employee told the site that files were being renamed to include the .ryk extension used by Ryuk.

Criminals have been increasingly targeting health care institutions with ransomware during the pandemic, infecting networks with malicious code that scrambles data. To unlock it, they demand payment. Increasingly, ransomware purveyors download data from networks before encrypting targeted servers, using it for extortion.

UHS has provided no details, but experts said the outage had the hallmarks of ransomware, malicious software that locks users out of their computers.

Earlier this month, the first known fatality related to ransomware occurred in Duesseldorf, Germany, after an attack caused IT systems to fail and a critically ill patient needing urgent admission died after she had to be taken to another city for treatment.

UHS may not be a household name, but has U.S. hospitals from Washington, D.C., to Fremont, California, and Orlando, Florida, to Anchorage, Alaska. Some of its facilities provide care for people coping with psychiatric conditions and substance abuse problems.

A clinician involved in direct patient care at a Washington UHS facility described a high-anxiety scramble to handle the loss of computers and some phones. That meant medical staff could not easily see lab results, imaging scans, medication lists, and other critical pieces of information doctors rely on to make decisions.
Phone problems complicated the situation, making it harder to communicate with nurses. Lab orders had to be hand-delivered. 'These things could be life or death,' said the clinician.

A different UHS healthcare worker, at an acute care facility in Texas, described an even more chaotic scene. Both the Texas and Washington D.C. workers asked not to be identified by name because they were not authorized to speak publicly.

'As of right now we have no access to any patient files, history, nothing,' the Texas worker said, with emergency room wait times going from 45 minutes to six hours. 'Doctors aren't able to access any type of X-rays, CT scans.'

Nothing that runs on Wi-Fi alone was functioning Monday, the Texas worker said. Telemetry monitors that show critical care patients' heart rates, blood pressure and oxygen levels went dark and had to be restored with ethernet cabling.

There was a lot of concern about how to determine whether or not patients had been exposed to the coronavirus, the Washington clinician said, adding that no harm came to any of the 20 or so patients they attended to. However, anxiety reigned during the entire shift. Handing off a patient to another department, always a delicate task because of the potential for miscommunication, became especially nerve-wracking.

'We are most concerned with ransomware attacks which have the potential to disrupt patient care operations and risk patient safety,' said Riggi, the cybersecurity adviser to hospitals. 'We believe any cyberattack against any hospital or health system is a threat-to-life crime and should be responded to and pursued as such by the government.'

Ransomware attacks have crippled everything from major cities to school districts, and federal officials are concerned they could be used to disrupt the current presidential election. Last week, a major supplier of software services to state, county and local governments, Tyler Technologies, was hit.

In the U.S. alone, 764 healthcare providers were victimized last year by ransomware, according to data compiled by the cybersecurity firm Emsisoft. It estimates the overall cost of ransomware attacks in the U.S. at $9 billion a year in terms of recovery and lost productivity.

The only way to effectively recover, for those unwilling to pay ransoms, is through diligent daily system data backups.