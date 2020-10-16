Infosecurity Group Websites
Latest
News

Senator Questions US Healthcare Giant Over Cyber-Attack

A major healthcare provider whose systems were knocked offline for three weeks by a ransomware attack has been asked by a US senator to answer questions about its cybersecurity practices. 

Universal Health Services announced on Monday that all 400 of its health system sites were back online after being hit by a cyber-attack in the early hours of September 27. 

UHS initially reported the attack as an "Information Technology security incident," but staff who took screenshots of the attack confirmed that ransomware was responsible for the disruption. 

As a result of the incident, UHS disconnected all systems and shut down the network to prevent further propagation. While some hospitals diverted ambulances and some lab test results were delayed, the company said that "patient care was delivered safely and effectively at our facilities across the country using established back-up processes, including offline documentation methods." 

Following the attack, former technology entrepreneur and vice chairman of the Senate Intelligence Committee, Senator Mark Warner, has written to UHS to express concerns regarding their cybersecurity measures.

Warner told the Fortune 500 company that with annual revenue of more than $11bn, it should have a cybersecurity posture "sufficiently mature and robust to prevent major interruptions to health care operations."

In his letter dated October 9, the senator questioned UHS over its vulnerability management process, third-party risk management, protection of clinical medical devices, and ability to isolate networks to prevent lateral movement by attackers.

Warner also asked UHS to state whether it had paid a ransom to its attackers and to confirm whether any patient medical records, HIPAA-protected data, or healthcare information has been affected or suffered a denial of access as a result of the attack. 

On October 12, UHS stated: "Throughout the IT remediation work we have had no indication that any patient or employee data was accessed, copied or misused."

UHS, which is headquartered in King of Prussia, Pennsylvania, operates facilities in Puerto Rico, the United Kingdom, and the United States. In a statement released on September 29, the company said that its UK operations were not impacted by the attack. 

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Hackers Claim to Have Access to 50,000 Home Security Cameras

2
News

Nearly 800,000 SonicWall VPNs Need Critical Flaw Patching

3
News

Ransomware Victims Struggle to Recover, Hire and Spend on Threat Prevention

4
News

Carnival Confirms Passenger Data Compromised

5
News

Iranian APT Group Targets Global Universities Again

6
News

Twitter Locks Trump Campaign Account

1
Webinar

Establishing a Successful DevSecOps Program: Lessons Learned

2
News

Senator Questions US Healthcare Giant Over Cyber-Attack

3
Blog

How COVID-19 Forced Forex Software Providers to Improve Security

4
News

BA GDPR Data Breach Fine Lowered to £20m Due to COVID-19

5
News

Election Security and Confidence Can Be Enabled Through Public-Private Partnerships

6
News

Dickey’s PoS Breach Could Hit Three Million Cards

1
Webinar

The Remote Workplace: Managing the New Threat Landscape with ISO 27001

2
Webinar

No Perimeter, No Problem: Crypto-Strategy for a Zero-Trust Future

3
Webinar

Ransomware Defense with Micro-Segmentation: from Strategy to Execution

4
Webinar

Security in the Cloud - Emerging Threats & the Future

5
Webinar

Achieving Compliance with the Cybersecurity Maturity Model Certification (CMMC)

6
Webinar

2020 Cybersecurity Headlines in Review

1
Opinion

Securing Remote Desktops During a Pandemic

2
Interview

Interview: Jason Nurse, University of Kent

3
News

Endpoint Security Primary Pain Point in 2020

4
Opinion

Is Your Organization Ready to Defend Insider Threats?

5
Webinar

A Better Defense: Does Modern Security Fit With Modern Attacks?

6
News

Corporate Credentials on the Dark Web Up by 429% This Year