Serviceteam IT Security News

A major healthcare provider whose systems were knocked offline for three weeks by a ransomware attack has been asked by a US senator to answer questions about its cybersecurity practices. 

Universal Health Services announced on Monday that all 400 of its health system sites were back online after being hit by a cyber-attack in the early hours of September 27. 

UHS initially reported the attack as an “Information Technology security incident,” but staff who took screenshots of the attack confirmed that ransomware was responsible for the disruption. 

As a result of the incident, UHS disconnected all systems and shut down the network to prevent further propagation. While some hospitals diverted ambulances and some lab test results were delayed, the company said that “patient care was delivered safely and effectively at our facilities across the country using established back-up processes, including offline documentation methods.” 

Following the attack, former technology entrepreneur and vice chairman of the Senate Intelligence Committee, Senator Mark Warner, has written to UHS to express concerns regarding their cybersecurity measures.

Warner told the Fortune 500 company that with annual revenue of more than $11bn, it should have a cybersecurity posture “sufficiently mature and robust to prevent major interruptions to health care operations.”

In his letter dated October 9, the senator questioned UHS over its vulnerability management process, third-party risk management, protection of clinical medical devices, and ability to isolate networks to prevent lateral movement by attackers.

Warner also asked UHS to state whether it had paid a ransom to its attackers and to confirm whether any patient medical records, HIPAA-protected data, or healthcare information has been affected or suffered a denial of access as a result of the attack. 

On October 12, UHS stated: “Throughout the IT remediation work we have had no indication that any patient or employee data was accessed, copied or misused.”

UHS, which is headquartered in King of Prussia, Pennsylvania, operates facilities in Puerto Rico, the United Kingdom, and the United States. In a statement released on September 29, the company said that its UK operations were not impacted by the attack. 

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!