‘Universal Health Services’ (UHS) Was Hit by Ransomware and IT Systems Are Down

Last updated June 23, 2021
Written by: Bill Toulas, Cybersecurity Journalist

‘Universal Health Services’ (UHS) has been hit by Ryuk ransomware actors, who are apparently continuing independently from Conti following a short period of inactivity. As it happens, UHS is a Fortune 500 healthcare service provider with annual revenues of more than $11 billion, roughly 90,000 employees, and a large number of hospitals (more than 400) in both the United States and the UK.

UHS owns subsidiaries such as Alpha Hospital Group, Ascend Health Corporation, Cygnet Health Care, Foundations Recovery Network, Palo Verde Behavioral Health, Psychiatric Institute of Washington, and Psychiatric Solutions, Inc.


All in all, this is a big entity in the field, and a ransomware attack against them is affecting a large number of people who are in need of medical services. According to the official UHS statement, the IT network across all of their facilities remains down following a security incident that took place during the weekend, but patient care continues to be delivered.

Personnel have reverted to backup processes like offline documentation systems, while the IT teams are working feverishly to restore network operations. Allegedly, no patient or employee data has been accessed or exfiltrated by hackers.

ZDNet attempted to confirm the operational status of various UHS hospitals and found that some of them were indeed down, whereas others reported having no network problems at all. A Reddit thread where users claim to work for UHS has been giving away details about the event since yesterday.

According to these posts, which we have no way to confirm, everything has gone to “paper” and manual logging, but no actual impact like patient deaths has been recorded yet. However, a process of EMS diversion has been put in place, so this will inevitably affect incoming urgent cases. Reportedly, the ransomware disabled AV tools on the Win10 boxes upon hitting them, and employees aren’t allowed to power up anything yet.

Daniel Normal, the senior solutions analyst at ISF, has provided us with the following comment on this security incident:

Over the coming years, these security threats will continue to accelerate around the world as far more invasive and automated technology makes its way into the operating room and, in some cases, the human body. Attackers will once again turn their attention to disrupting the health service by targeting poorly secured devices and systems, which will now start to have severe ramifications for human life.

Healthcare services have an outdated approach to security awareness, education, and training. Basic cyber hygiene standards need to be met, covering patching and updates, network segmentation, network monitoring, and hardening, especially for technologies such as AI, robotics, and IoT devices. This is an exciting time for the healthcare industry, but it is also dangerous.


