The Universal Health Services Ransomware Attack: Key Findings

The Universal Health Services Ransomware Attack: Key Findings

Universal Health Services, one of the largest healthcare providers and hospital chains in the United States, suffered a ransomware attack that crippled national operations. The attack began on Sunday and appears to be ongoing. TechCrunch originally broke this story. You can also watch our video on the attack. 

While the attack did not expose patient or employee data, the attack has disrupted digital operations so much that employees currently use analog record keeping. Additionally, ambulances were rerouted due to computer systems being down at several hospitals. It remains unclear how the cyber-attack affects patient care. 

According to accounts, employees were instructed to turn off their computers and that the attack would continue for days. The Universal Health Services ransomware appears connected to Ryuk ransomware, which targets businesses and continues to target healthcare providers even during COVID-19.  

To gain perspective on the Universal Health Services Ransomware Attack, we spoke to several cybersecurity experts. Here’s what they had to say.  

 

Experts Comment on the Universal Health Services Ransomware Attack

Mark Bagley

Mark Bagley is VP of Product at AttackIQ.

“Ransomware attacks often have collateral damage and impact beyond the ransom. When hospitals and healthcare providers are attacked, we’ve unfortunately learned the lesson that patient lives can be put in danger as witnessed a few weeks ago. While the impact of the UHS incident is currently unknown, millions of patients are served yearly and their care could be at risk.”

“A proactive and threat-informed approach to security strategy that produces evidence of ransomware defense is crucial for these organizations. Being able to demonstrate which defenses are effective against the common tactics, techniques, and procedures used by the adversary allows for a program to be implemented – and improved with automated solutions that continuously test that program over time.”

Sanjay Jagad

Sanjay Jagad is Senior Director of Products and Solutions at Cloudian

“The Universal Health Services attack demonstrates the growing threat ransomware poses, especially to highly regulated industries. In these cases, extremely sensitive customer data and an organization’s reputation are at stake. Perimeter security solutions inevitably fall short against increasingly sophisticated ransomware attacks. To truly safeguard themselves, organizations must instead protect data at the storage layer. The easiest way to do this is to keep a backup data copy on immutable storage: once written, the backup cannot be changed or deleted for a specific period. This prevents malware from being able to encrypt the data and lock the victim out. If a ransomware attack occurs, organizations can restore an unencrypted copy of the data via a simple recovery process.”

Saryu Nayyar

Saryu Nayyar is CEO of Gurucul

“The suspected ransomware attack against Universal Health Services is just another example of a high-profile cybercrime incident.  While few details are available yet, the attack matches a pattern where criminals target high-value organizations with little risk of prosecution.  Worse, for every high-profile example like this, there are many more that are never reported in the press or, in fact, revealed at all.”

“We have tools, such as behavioral analytics, that can identify an attack and mitigate it early in the cycle. But organizations still need to do better at protecting their assets, and governments across the world need to do more to prosecute and deter these cybercriminals.”

Thanks to these experts for their time and expertise. You can learn about deflecting ransomware in our Endpoint Security Buyer’s Guide.

 

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me