Expert Commentary: Universal Health Services Hit by Ransomware Attack

It has been reported that Universal Health Services, which operates over 400 hospitals in the US and the UK, has been the victim of a ransomware attack, which hit UHS systems early on Sunday morning, locking computers and phone systems at several UHS facilities across the US. With lab work unable to be carried out, patients have already been turned away and emergencies redirected to other hospitals.

“Despite many hackers pledging to stop attacks on the healthcare sector during the pandemic, the Netwrix 2020 Cyber Threats Report found that the healthcare sector experienced the most ransomware attacks out of all industries since the start of the crisis – with one out of three healthcare organisations having been a victim,” comments Ilia Sotnikov, VP of Product Management at Netwrix.

“While we still don’t know whether the patient data was just encrypted in this case, or if it’s also left the UHS network, we can unfortunately see that multiple UHS facilities are impacted across at least four states and in Washington, DC, which shows a rapid lateral movement of the attacking malware.

“Healthcare organisations need to accept the reality that there is no silver bullet to guarantee 100% cyber protection. The sector must adopt the “assume breached” mentality in order to reduce the impact of a breach as quickly as possible, especially as ransomware attacks are especially disastrous for healthcare as they may eventually cost lives. Unfortunately, healthcare is an easy target given the sector’s shortage of resources, legacy IT systems and the increased pressure in the current global crisis leading to more human errors. These can be as simple as falling prey to malicious emails, to poor cyber security practices, such as using predictable passwords. Shockingly, 39% of the healthcare organisations even admitted IT admins themselves have made mistakes during the past few months, which is particularly worrying as incorrect configurations or failure to update systems in a timely manner might lead to security holes that hackers might easily exploit.

“Ransomware gangs are increasingly stealing data in addition to in-place encryption, so additional network and user account activity monitoring can help to detect early signs. Practices like network segmentation and least privilege can often prevent or at least slow down the spread of the attack, giving security teams precious time to detect and contain the incident. Tools that provide healthcare teams with visibility into their IT systems and data are key to flagging anomalous activity and to terminating ransomware before it leads to significant damage. In fact, spikes in activity at night, which was the case in this latest attack, are one of the anomalies that should be spotted immediately.”