King of Prussia, Pa.-based Universal Health Services, a 26-hospital health system, reported Sept. 28 its IT system is offline due to a "security issue," according to a statement from the health system.
Six details:
1. The incident affected systems used for medical records, laboratories and pharmacies for around 250 UHS locations, according to a report from The Wall Street Journal. A statement from the hospital said it implemented extensive IT security protocols and is working with its security partners to restore IT operations.
2. The health system's facilities are using backup processes and offline documentation to continue delivering patient care. However, WSJ reported the health system has canceled some surgeries and diverted some ambulances away from its facilities during the outage. No patients have been harmed due to the outage.
3. Two UHS nurses told CNBC that the attack occurred over the weekend. Las Vegas-based Valley Health System also experienced an IT security incident beginning Sept. 27 that forced it offline. Nebraska Medicine's IT system was also forced offline on Sept. 20 due to a security incident.
4. CNBC reported the computers at UHS slowed and then eventually stopped working on Sept. 27. Some computers reportedly shut down on their own.
5. In addition to keeping medical records on paper, the clinicians have to hand-label medications. "It's all improv," a nurse told CNBC. By Sept. 28, UHS had restored some of its network, according to the WSJ report.
6. Individuals familiar with the situation have described the incident as a ransomware attack, and UHS President Marc Miller told WSJ the hackers used a "previously unknown technique" to access its computer systems, but didn't clarify what the technique was. To this point there is no evidence the hackers accessed or compromised patient data, according to the health system.
Note: This article was updated on Sept. 29 at 7:45 am CST as additional details became available.
Register today for Becker's HIT+RCM Virtual Event Oct. 6-9 for the best insights and big ideas in health IT!
More articles on cybersecurity:
At nearly $7M, Premera Blue Cross agrees to pay 2nd largest HIPAA fine in OCR history
Geisinger warns of phone spoofing scams, launches digital info hub
12 health system malware, ransomware and phishing incidents this month