UHS hospitals hit by Ryuk ransomware attack

Pierluigi Paganini September 28, 2020

Universal Health Services (UHS) healthcare providers has reportedly shut down systems at healthcare facilities after a Ryuk ransomware attack.

Universal Health Services (UHS), one of the largest hospital and healthcare services providers, has shut down systems at healthcare facilities in the United States after they were infected with the Ryuk ransomware.

The attack cyber-attack took place on Sunday morning, some patients have been redirected to other nearby hospitals because the UHS facilities were unable to operate.

Universal Health Services (UHS) is an American Fortune 500 company that provides hospital and healthcare services, in 2019, its annual revenues were $11.37 billion.

The company currently operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees. The Fortune 500 corporation had annual revenues of $11.4 billion in 2019.

According to reports from UHS’ employees, systems at some of the UHS hospitals in the US including those from California, Florida, Texas, Arizona, and Washington D.C. rebooted started displaying a ransom note. In response to the incident, the IT staff shut down its systems to avoid the propagation of the threat.

“I was sitting at my computer charting when all of this started. It was surreal and definitely seemed to propagate over the network. All machines in my department are Dell Win10 boxes.” reads one of the reports shared online.

“When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. After 1min or so of this the computers logged out and shutdown. When you try to power back on the computers they automatically just shutdown. We have no access to anything computer based including old labs, ekg’s, or radiology studies. We have no access to our PACS radiology system.”

Some reports circulating online reveal that the ransomware added the “.ryk” extension to the filenames of encrypted documents, a circumstance that confirms a Ryuk ransomware infection.

The Ryuk ransomware operators were very active early this year, in March they targeted hospitals even as these organizations are involved in the fight against the Coronavirus pandemic.

The decision of the operators was not aligned with principal ransomware gangs that have announced they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Ryuk ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment