Mon | Sep 28, 2020 | 2:23 PM PDT

United Health Services, a Fortune 500 company that operates more than 400 hospitals across the U.S. and U.K., is the latest victim of a ransomware attack.

The incident reportedly took place overnight between Saturday the 26th and Sunday the 27th of September.  

UHS employees discuss the cyberattack online

A Reddit thread titled Cyberattack on UHS Hospitals Nationwide was started Sunday morning for employees and IT professionals to share what is going on and what might have caused this.

Reddit user graynova66 had this to say regarding the situation at a UHS location:

"I have worked at a UHS facility in the SE US for over 7yrs and on Sunday morning at approx 2AM systems in our ED just began shutting down. I was sitting at my computer charting when all of this started. It was surreal and definitely seemed to propagate over the network. All machines in my department are Dell Win10 boxes.

When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. After 1min or so of this the computers logged out and shutdown. When you try to power back on the computers they automatically just shutdown.

It was an epic cluster working 'old school' last night with everything on paper downtime forms. It is true about sending patients away (called EMS diversion) but our lab is functional along with landlines. We have no access to anything computer based including old labs, ekg's, or radiology studies. We have no access to our PACS radiology system. No patients died tonight in our ED but I can surely see how this could happen in large centers due to delay in patient care."

Reddit user FLmamaUnicorn said this regarding the situation at a Florida location:

"We are down in Florida. It's a hot mess in the ER today. EMS diversion on cardiac patients because the cath lab is down. But of course all other EMS is accepted because of course we can't lose any money over this although we are working with minimal staff and it's clearly not safe for patients..."

Another user, Jillonius, had this to say:

"I work for UHS in CA and our systems are all down. Back to paper charting. Labs are all done in the hospital so no lab work needs to be couriered. Our ER is closed to ambulances and OR's are closed and all ambulances and surgeries are being rerouted."

Based on the comments in the thread, not every UHS facility has been affected.

United Health Services ransomware strain

From the same Reddit thread, employees and those with IT knowledge have shared they believe the attack is from the Ryuk ransomware strain.  We are currently unable to confirm if this is true, however, other social media posts indicate that Ryuk is resurfacing.

United Health Services cyber attack statement

It is always intriguing to watch these situations evolve. So far, UHS is only admitting it has an IT security issue

Here is the company's statement on Monday:

"The IT Network across Universal Health Services (UHS) facilities is currently offline, due to an IT security issue.

We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.

No patient or employee data appears to have been accessed, copied or misused."

Right now, there are still many unknowns about what is going on with the attack. SecureWorld has reached out to United Health Services and is following the story closely.

Related podcast: ransomware and digital extortion