Local

‘Scary situation’: Massive cyberattack leaves 400 US hospitals in the grip of ransomware

Healthcare giant Universal Health Services, a for-profit corporation that runs 400 hospitals and clinics with 90,000 employees in 45 states, confirmed Monday that it was the target of cyberhackers who infected its internal computer network with ransomware.

The attack has been called the largest cyberattack on health care in US history.

>> Related: State agencies fighting cybersecurity threat

UHS owns Schick-Shadel Hospital -- an addiction treatment center in Burien -- and Fairfax Behavioral Health in Kirkland. A company statement said they are “diligently working with our IT security partners to restore IT operations as quickly as possible.”

UHS said its “patient care continues to be delivered safely and effectively” and that “no patient or employee data appears to have been accessed, copied or otherwise compromised.”

The cyberattack reportedly forced hospitals to pivot from working with online records to using pens and paper.

Cybersecurity experts told KIRO 7 that similar attacks in Europe have jeopardized the safety of some patients.

“They are diverting patients from their emergency rooms,” said Drex DeFord, the former Chief Information Officer at Seattle Children’s Hospital and current Executive Healthcare Strategist for CI Security in Seattle. “They are canceling surgeries, they are doing other things like that because their systems are down,” he said.

“This could be done just as easily as one person clicking on one wrong link,” DeFord said, adding that a ransomware attack can be unknowingly launched by someone with network access simply clicking on an email attachment. The unleashed ransomware payload searches for weak spots, locks up programs it finds and often demands money for the keys to unlock it.

“The ransomware specialists, the bad guys, are really good at crafting emails that are very interesting and very tempting to click on,” DeFord said.

Nurses with UHS started a thread on Reddit Sunday night, saying their hospital phones, internet and computers were suddenly locked up.

A similar cyberattack at a German hospital cost a patient her life only weeks ago when she had to be diverted to another hospital miles away for emergency surgery.

“Once these things take off and our networks go down and those electronic health records become unusable, it can have really tragic effects on patients and families,” DeFord said.

DeFord said many hospitals have stout online security systems and occasionally practice drills to go offline in case cyber-attacks happen.

“Even when it happens, in the heat of the moment, it’s still a very scary situation for those doctors and nurses, lab workers, pharmacists, everyone,” DeFord said. "Because this is not the normal routine way that they operate every day. "

0