A major hospital chain has been hit by what appears to be one of the largest medical cyberattacks in United States history.
Computer systems for Universal Health Services, which has more than 400 locations, primarily in the U.S., began to fail over the weekend, and some hospitals have had to resort to filing patient information with pen and paper, according to multiple people familiar with the situation.
Universal Health Services did not immediately respond to requests for comment, but posted a statement to its website that its company-wide network “is currently offline, due to an IT security issue. One person familiar with the company’s response efforts who was not authorized to speak to the press said that the attack “looks and smells like ransomware.”
Ransomware is a type of malicious software that spreads across computer networks, encrypting files and demanding payment for a key to decrypt them. It’s become a common tactic for hackers, though attacks of this scale against medical facilities aren’t common. A patient died after a ransomware attack against a German hospital in early September required her to be moved to a different hospital, leading to speculation that it may be the first known death from ransomware.
Hackers seeking to deploy ransomware often wait until the weekend, when a company is likely to not have as many technical staff members present.
Two Universal Health Services nurses, who requested to not be named because they weren’t authorized by the company to speak with the media, said that the attack began over the weekend and had left medical staff to work with pen and paper.
One of the nurses, who works in a facility in North Dakota, said that computers slowed and then eventually simply would not turn on in the early hours of Sunday morning. “As of this a.m., all the computers are down completely,” the nurse said.
Another registered nurse at a facility in Arizona who worked this weekend said “the computer just started shutting down on its own.”
“Our medication system is all online, so that’s been difficult,” the Arizona nurse said.
While many patient charts at that facility are on paper, medication information is maintained online, though it’s backed up at the end of each day, the nurse said.
“We had those up to date as of the 26th,” the person said.
“Now we had to hand-label every medication,” the nurse said. “It’s all improv.”
Ransomware can devastate hospitals. In 2017, a ransomware strain called WannaCry, created by hackers working for the North Korean government, spread across the world and infected the U.K.’s National Health System even though it wasn’t a direct target. The attack disrupted at least 80 medical facilities, though there were no publicly reported deaths associated with the incident.
Kenneth White, a computer security engineer with more than a decade of experience working with hospital networks, said that the delays caused by ransomware attacks can have dire consequences for patients.
“When nurses and physicians can’t access labs, radiology or cardiology reports, that can dramatically slow down treatment, and in extreme cases, force re-routing for critical care to other treatment centers,” he said. “When these systems go down, there is the very real possibility that people can die.”
Kevin Collier is a cybersecurity reporter based in New York City.