This article is more than 1 year old

UK, US hospital computers are down, early unofficial diagnosis is a suspected outbreak of Ryuk ransomware

We've switched to back-up offline procedures, says Universal Health Services

Updated Universal Health Services, which operates over 400 hospitals and healthcare facilities in the US, Puerto Rico, and the UK, said on Monday that its IT network was offline due to an unspecified cybersecurity issue.

"We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible," the biz said in a statement. "In the meantime, our facilities are using their established back-up processes including offline documentation methods."

UHS insists patient care continues to be delivered and that "no patient or employee data appears to have been accessed, copied or otherwise compromised."

A UHS spokesperson declined to provide further details or to comment on unsubstantiated claims made via social media suggesting the involvement of the Ryuk ransomware family.

Unidentified individuals posting to Reddit who claim to be affiliated with UHS facilities in Arizona, California, Georgia, and Pennsylvania say the IT outage has affected their workplace. Such claims may also represent efforts by short sellers to influence stock prices, although UHS' share price has only declined slightly.

The Register has put in calls to several UHS facilities around the US but has not heard back from anyone in a position to confirm details about the nature of the IT outage or the number of facilities affected.

“There’s no doubt that an outage of this magnitude affects patient safety and care," said Tim Erlin, VP, product management and strategy at Tripwire, in response to an email from The Register. "This is a high stakes target for the attackers. If caught, they face significant liability for any loss of life incurred as a result."


Massachusetts city tells ransomware scumbags to RYUK off, our IT staff will handle this easily


He opined that ransomware doesn't strike suddenly and suggested the attack on UHS would have taken time to set up. "The widespread nature of this incident indicates a level of sophistication and that the attack was in the works for a relatively long period of time" he said.

Erlin urged those working at healthcare organizations to review their IT systems for vulnerabilities, to patch them diligently, and to review incident response plans.

"Successful incident response happens in the planning stages, before an incident; not while the incident is occurring," he said.

In March, those running ransomware operations using the DoppelPaymer and Maze malware said they would refrain from targeting medical organizations during the COVID-19 pandemic. In light of subsequent events that doesn't seem to have had much effect.

German authorities recently said that a woman had died as a result of treatment delays brought on by ransomware – the cyber-attack on the IT systems at a hospital in Dusseldorf forced a patient in need of urgent care to be taken to a facility in another city, and the delay in treatment led to her death. ®

Updated to add

Day two and it looks like UHS staff are still relying on pens and paper, although some systems are back online.

More about


Send us news

Other stories you might like