Original Release Date: 9/28/2020
Over the weekend, the network of Universal Health Services (UHS), one of the largest healthcare providers in the United States, was impacted by an alleged ransomware attack. According to a statement released by UHS, the network is currently offline due to an IT security issue; however, no patient or employee data appears to have been accessed, copied, or compromised. Open-source reporting indicates that the IT security issue is due to ransomware and that patients were turned away and emergencies were diverted to other hospitals as a result. It is unclear at the time of this writing whether the entire network or only portions of the network were impacted. IT incidents affecting hospitals, particularly ransomware, can have serious implications to public health and safety. Recently, a hospital in Germany suffered a ransomware incident and, consequently, a patient was diverted to another hospital and died due to the delay in treatment.
The NJCCIC encourages users, businesses, and organizations to review and implement the recommendations provided in the NJCCIC Ransomware: Risk Mitigation Strategies guide to help prevent or limit the impact of a ransomware incident.
We encourage recipients who discover signs of malicious cyber activity to contact us via the cyber incident report form by clicking here.