Universal Health Services (UHS), a hospital chain with over 400 locations in the United States and the United Kingdom, has reportedly fallen victim to a cyber attack.
The attack would be the largest of its kind on a medical facility in United States history, according to a report from NBC News.
According to NBC News, which was the first outlet to report on the alleged cyber attack, said the incident began over the weekend and left hundreds of employees filing patient information by hand.
While UHS has not yet responded to Spectrum News’ request for comment, the company did post a statement to their website on Monday confirming their IT network is offline, but assured readers that “no patient or employee data appears to have been accessed, copied or misused.”
“The IT Network across Universal Health Services (UHS) facilities is currently offline, due to an IT security issue,” the company wrote. “We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.”
The company did not clarify what caused the outage, nor did they mention how widespread it may be.
According to TechCrunch, an employee familiar with the situation said affected UHS computer screens displayed references to the “shadow universe,” indicating a connection to the infamous Ryuk ransomware attacks.
Sophisticated eCrime groups often employ Ryuk ransomware to target “large organizations for a high-ransom return,” according to cybersecurity technology company CrowdStrike. This methodology, known as “big game hunting,” has impacted organizations from the U.S. Coast Guard to Tribune Publishing Newspapers.
Earlier in the year, a number of ransomware operators including DoppelPaymer, Maze, and CLOP pledged not to target hospitals or nursing homes amid the coronavirus pandemic, according to a report from BleepingComputer. Notably, those behind the Ryuk ransomware were not among those who made the pledge.