Skip to main content

Ransomware Reportedly Behind Nationwide UHS Hospital Outage

by Chris Brook on Monday August 22, 2022

Contact Us
Free Demo

The full scope of the incident isn't yet known but as a result, facilities across the U.S. have been left without access to computer systems.

Hospitals nationwide are dealing with the fallout from an outage connected to a potential ransomware attack against one of the largest healthcare services providers in the country this week.

It seems Universal Health Services (UHS) - a Fortune 500 company that specializes in telemedicine and helps facilitate appointments, lab results, and medical forms for hospitals - was hit by ransomware, reportedly the Ryuk strain, over the weekend, forcing hospitals that use UHS' IT system offline.

While not every hospital appears to be impacted, several do.

Much of the discussion around the incident involves an unconfirmed post to Reddit Sunday night. In that post a user claiming to work at a UHS hospital reported the facility had no access to phones, computer systems, internet, or the data center. Because of the issue, the hospital reportedly had to send ambulances to smaller hospitals and had patients die while waiting for lab results to be delivered by courier.

A handful of other Reddit users chimed in, some saying their hospitals wouldn't let employees turn on computers, others saying they were forced to write everything down on paper.

Amid the COVID-19 pandemic, the incident could further exacerbate an already dire situation at some hospitals.

UHS was mum on the issue for about 24 hours; as of Monday afternoon, its Twitter and press release section of its website still didn't mention the incident; the company also did not return Data Insider’s request for comment Monday.

The company did issue a statement, just after noon on Monday however, confirming that its IT network is "currently offline, due to an IT security issue," adding that "no patient or employee data appears to have been accessed, copied or otherwise compromised."

“We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively,” the company’s statement also reads.

The statement is light on details making it even more unclear what transpired. UHS has 400 hospitals and healthcare facilities in the U.S. and the U.K but it’s not certain how many of them may be impacted.

Reddit users claiming to work for UHS hospitals in California, Florida, Georgia, Pennsylvania, North Carolina and Texas have all reported experiencing issues, many which sound like ransomware hit their computer systems, over the last 24 hours.

A handful of hospitals in Las Vegas appear to be victims as well. According to a local ABC affiliate there, five hospitals belonging to the Valley Health System, a subsidiary of Universal Health Services, Inc., were all knocked offline on Sunday too.

Some reports, including one via Bleeping Computer, claim victims' screens displayed a ransom note reading "Shadow of the Universe," a phrase that sometimes appears as part of Ryuk infections.


The same report notes that one victim claims files were renamed to include the .ryk extension - another Ryuk calling card. The ransomware hasn't commanded many headlines of late - those have mostly been dominated by REvil aka Sodinokibi - but if it is indeed Ryuk, this could be its big comeback.

Tags:  Ransomware

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.