A major healthcare provider whose systems were knocked offline for three weeks by a ransomware attack has been asked by a US senator to answer questions about its cybersecurity practices.
UHS initially reported the attack as an “Information Technology security incident,” but staff who took screenshots of the attack confirmed that ransomware was responsible for the disruption.
As a result of the incident, UHS disconnected all systems and shut down the network to prevent further propagation. While some hospitals diverted ambulances and some lab test results were delayed, the company said that “patient care was delivered safely and effectively at our facilities across the country using established back-up processes, including offline documentation methods.”
Following the attack, former technology entrepreneur and vice chairman of the Senate Intelligence Committee, Senator Mark Warner, has written to UHS to express concerns regarding their cybersecurity measures.
Warner told the Fortune 500 company that with annual revenue of more than $11bn, it should have a cybersecurity posture “sufficiently mature and robust to prevent major interruptions to health care operations.”
In his letter dated October 9, the senator questioned UHS over its vulnerability management process, third-party risk management, protection of clinical medical devices, and ability to isolate networks to prevent lateral movement by attackers.
Warner also asked UHS to state whether it had paid a ransom to its attackers and to confirm whether any patient medical records, HIPAA-protected data, or healthcare information has been affected or suffered a denial of access as a result of the attack.
On October 12, UHS stated: “Throughout the IT remediation work we have had no indication that any patient or employee data was accessed, copied or misused.”
UHS, which is headquartered in King of Prussia, Pennsylvania, operates facilities in Puerto Rico, the United Kingdom, and the United States. In a statement released on September 29, the company said that its UK operations were not impacted by the attack.
Source: Infosecurity Magazine