UHS hospitals hit by Ryuk ransomware attack

Universal Health Services (UHS) healthcare providers has reportedly shut down systems at healthcare facilities after a Ryuk ransomware attack.

Universal Health Services (UHS), one of the largest hospital and healthcare services providers, has shut down systems at healthcare facilities in the United States after they were infected with the Ryuk ransomware.

The attack cyber-attack took place on Sunday morning, some patients have been redirected to other nearby hospitals because the UHS facilities were unable to operate.

Universal Health Services (UHS) is an American Fortune 500 company that provides hospital and healthcare services, in 2019, its annual revenues were $11.37 billion.

The company currently operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees. The Fortune 500 corporation had annual revenues of $11.4 billion in 2019.

According to reports from UHS’ employees, systems at some of the UHS hospitals in the US including those from California, Florida, Texas, Arizona, and Washington D.C. rebooted started displaying a ransom note. In response to the incident, the IT staff shut down its systems to avoid the propagation of the threat.

“I was sitting at my computer charting when all of this started. It was surreal and definitely seemed to propagate over the network. All machines in my department are Dell Win10 boxes.” reads one of the reports shared online.

“When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. After 1min or so of this the computers logged out and shutdown. When you try to power back on the computers they automatically just shutdown. We have no access to anything computer based including old labs, ekg’s, or radiology studies. We have no access to our PACS radiology system.”

Some reports circulating online reveal that the ransomware added the “.ryk” extension to the filenames of encrypted documents, a circumstance that confirms a Ryuk ransomware infection.

The Ryuk ransomware operators were very active early this year, in March they targeted hospitals even as these organizations are involved in the fight against the Coronavirus pandemic.

The decision of the operators was not aligned with principal ransomware gangs that have announced they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Ryuk ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.