WASHINGTON — Computer systems across a major hospital chain with facilities across the nation were down Monday due to what the company termed an unspecified technology “security issue.” Doctors and nurses had to rely on paper.

Universal Health Services Inc., which operates more than 250 hospitals and other clinical facilities in the U.S., said in a short statement p osted to its website Monday that its network was offline and doctors and nurses were resorting to “back-up processes” including paper records.

The Fortune 500 company, with 90,000 employees, said “patient care continues to be delivered safely and effectively” and no patient or employee data appeared to have been “accessed, copied or misused.”

The company also has hospitals in the United Kingdom, but its operations in that country were not affected, a spokeswoman said Monday night.

UHS provided no details about the incident, but people posting to an online Reddit forum who identified themselves as employees said the chain’s network was hit by ransomware overnight Sunday. The posts echoed the alarm of a clinician at a UHS facility in Washington, D.C., who described to The Associated Press a mad scramble, including anxiety over determining which patients might be infected with the virus that causes COVID-19.

John Riggi, senior cybersecurity adviser to the American Hospital Association, called it a “suspected ransomware attack,” adding that criminals have been increasingly targeting the networks of health care institutions during the coronavirus pandemic.

Ransomware is a growing scourge in which hackers infect networks with malicious code that scrambles data and then demand payment to restore services.

Increasingly, ransomware purveyors are downloading data from networks they infiltrate before encrypting targeted servers, using it for extortion. Earlier this month, the first known fatality related to ransomware occurred in Duesseldorf, Germany, after an attack caused IT systems to fail and a critically ill patient needing urgent admission died after she had to be taken to another city for treatment.

UHS itself may not be a household name, but its hospitals are part of communities from Washington, D.C., to Fremont, California, and Orlando, Florida, to Anchorage, Alaska. Some of its facilities provide care for people coping with psychiatric conditions and substance abuse problems.

The company, based in King of Prussia, Pennsylvania, did not immediately respond to emails seeking additional details, such as whether patients had to be diverted to other hospitals.

The Washington clinician described a high-anxiety scramble to handle the loss of computers and some phones starting Sunday. The person, involved in direct patient care, was not authorized to speak publicly and described the chaotic situation on condition of anonymity.

The loss of computer access meant that medical staff could not easily see lab results, imaging scans, medication lists, and other critical pieces of information doctors rely on to make decisions. Phone problems complicated the situation, making it harder to communicate with nurses.

“These things could be life or death,” the clinician said.

The facility has a “downtime protocol,” in which everything is supposed to be done with paper and pencil, the staffer added, “but no one was expecting to have to use it.” Lab orders had to be hand-delivered.

There was a lot of concern about how to determine whether or not patients had been exposed to the coronavirus.

The clinician said no harm came to any of the 20 or so patients they attended to. However, anxiety reigned during the entire shift. Handing off a patient to another department, always a delicate task because of the potential for miscommunication, became especially nerve-wracking.

“We are most concerned with ransomware attacks which have the potential to disrupt patient care operations and risk patient safety,” said Riggi, the cybersecurity adviser to hospitals. “We believe any cyberattack against any hospital or health system is a threat-to-life crime and should be responded to and pursued as such by the government.”

Ransomware attacks have crippled everything from major cities to school districts, and federal officials are concerned they could be used to disrupt the current presidential election. Last week, a major supplier of software services to state, county and local governments, Tyler Technologies, was hit.

In the U.S. alone, 764 healthcare providers were victimized last year by ransomware, according to data compiled by the cybersecurity firm Emsisoft. It estimates the overall cost of ransomware attacks in the U.S. to $9 billion a year in terms of recovery and lost productivity. The only way to effectively recover, for those unwilling to pay ransoms, is through diligent daily system data backups.

In an apparently unrelated cyberattack affecting a U.S. medical facility, Nebraska Medicine hospital in Omaha suffered an outage last week that led to the postponement of appointments for patients with elective procedures or other non-critical health concerns, The Omaha World-Herald reported.

The hospital said emergency rooms remained open, and no patients were diverted to other hospitals. It said no records were deleted or destroyed thanks to the system’s back-up and recovery processes. The statement did not include any further information about the attack.

Bajak reported from Boston.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

The Shutdown Proves One Thing: The Federal Government Should be Smaller

The federal government has become the ultimate Rube Goldberg machine—originally designed for the limited scope of the powers enumerated in the U.S. Constitution, but so overly complicated that it has grown to employ 850,000 nonessential employees. That is the number…

A pinch where it hurts: can Facebook weather the ad boycott?

On Wednesday, more than 500 companies officially kicked off an advertising boycott intended to pressure Facebook into taking a stronger stand against hate speech. CEO Mark Zuckerberg has agreed to meet with its organizers early next week. But whether Zuckerberg…

There are just four black CEOs of Fortune 500 companies. Here’s how three are addressing the death of George Floyd

New York (CNN Business)Just four black CEOs run Fortune 500 companies in America, and three of them are speaking out about racial inequality following the death of George Floyd. That’s four black leaders among the largest 500 companies in the…

He went down the QAnon rabbit hole for two years. Here’s how he escaped the virtual cult

One day in June 2019, Jitarth Jadeja went outside to smoke a cigarette. For two years he’d been in the virtual cult of QAnon. But now he’d watched a YouTube video that picked apart the last element of the theory…