4 health IT lessons learned from the UHS cyberattack
October 01, 2020 03:32 PM

Jessica Kim Cohen

    A malware attack at Universal Health Services, one of the largest hospital chains in the U.S., has highlighted long-standing cybersecurity concerns faced by hospitals.

    To contain a malware intrusion that UHS discovered in its information systems Sunday, UHS took all of its U.S. information technology networks offline, including systems for medical records, laboratories and pharmacies. UHS has been bringing servers back online as it investigates the cyberattack, so some facilities don't have all applications available yet.

    Not all of UHS' information systems were compromised by malware. The malware didn't hit UHS' electronic health records system, though the system was taken offline as part of UHS' response, according to Marc Miller, UHS' president. The health system last month said Miller will take the helm as CEO in January when his father, UHS founder and longtime CEO Alan Miller, steps down.

    "We promptly shut down in order to prevent further propagation," Miller said of UHS' IT networks in an interview with Modern Healthcare. That practice is part of the system's established procedures for dealing with a cyberattack of this nature—though "we've never had anything at this level," he said.

    UHS has reported the cyberattack to federal agencies, including the Federal Bureau of Investigation, Miller said.

    The health system encompasses 400 facilities including acute-care hospitals and ambulatory surgery centers across the U.S. and the United Kingdom. The attack appears to be one of the largest reported healthcare cyberattacks.

    So far, UHS hasn't found evidence that patient or employee data was accessed or copied during the cyberattack, according to a statement it posted online Tuesday.

    Other healthcare executives can learn four cybersecurity lessons from the attack.

    1. Get offline procedures in place. When a malware attack brings down a hospital's information systems, it disrupts internal business processes as well as patient care, often forcing hospitals to divert patients to nearby facilities and limiting access to patient records.

    That makes healthcare cyberattacks a patient safety issue, said John Riggi, the American Hospital Association's senior adviser for cybersecurity and risk. Just last month, a patient in Germany died after an ambulance was diverted from a hospital hit with ransomware, in what appears to be the first death resulting from a ransomware attack.

    "We consider any cyberattack against a hospital or health system a potential threat-to-life crime—not just an economic crime," said Riggi, who has argued the U.S. government should prosecute ransomware attacks at hospitals as such. "Any delay in treatment caused by a ransomware attack could have an adverse outcome for the patient."

    In the wake of the UHS cyberattack, staff have been using paper records to document patient care, leading to challenges coordinating care and obtaining medical histories. Some UHS facilities have had to divert ambulances and cancel surgeries, according to the Wall Street Journal, and some sites are experiencing longer wait times at emergency departments, according to CBS News.

    Miller acknowledged it takes longer to complete tasks when systems are offline, but said staff are following established downtime procedures. Downtime procedures are also used during natural disasters and maintenance on information systems, in addition to cyberattacks, so staff have had experience with them, he said.

    2. Preserve the evidence. In the wake of a cyberattack, executives typically home in on how to address the intrusion and maintain operations. But it's also important to protect anything that could be evidence for an investigation, including documenting any communication from hackers and not deleting suspicious or malfunctioning files.

    UHS is currently investigating the incident.

    Figuring out how and what to document can be "tricky," noted Lani Dornfeld, a healthcare attorney at law firm Brach Eichler, so organizations should have IT experts—either in-house staff or outside consultants—lined up to provide support.

    During an investigation, IT teams will analyze data from systems and networks to determine if patient data was accessed or removed—and it is important to be able to review as much data as possible, said Tyler Hudak, a practice lead for incident response at cybersecurity firm TrustedSec who previously served as a team lead for Mayo Clinic's security operations center.

    "When I get into an incident response and start performing forensics, we want to see all the data that we can," he said.

    Increasingly, hackers won't just deploy ransomware to encrypt data. They will remove data from the system, and then threaten to release it if the victim doesn't pay, he said.

    That typically involves hackers gathering data they want to steal into a central location in the network, and then transferring it at once—so that's one sign Hudak said he looks for during a forensic review.
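
The sign Hudak describes (data gathered onto one internal host, then sent out in a single transfer) can be searched for in network flow records during a forensic review. The following is an added example, not code from the article or from anyone quoted in it; the flow-record format, the 10.0.0.0/8 internal range, the thresholds and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Every range and threshold here is an assumption chosen for this example.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # internal address space
LOOKBACK = timedelta(hours=24)   # how far back staging traffic is counted
MIN_PEERS = 3                    # distinct internal sources feeding one host
MIN_STAGED = 500_000_000         # bytes gathered before a host is of interest
SHIP_RATIO = 0.5                 # outbound flow must carry at least this share

# Constructed sample flows: timestamp, source, destination, bytes.
SAMPLE_FLOWS = """\
2020-01-10T00:30:00 10.20.5.44 203.0.113.50 5000
2020-01-10T01:00:00 10.20.1.10 10.20.5.44 200000000
2020-01-10T01:40:00 10.20.2.11 10.20.5.44 250000000
2020-01-10T02:10:00 10.20.3.12 10.20.5.44 180000000
2020-01-10T02:50:00 10.20.4.13 10.20.5.44 120000000
2020-01-10T03:00:00 10.20.1.10 10.20.9.9 300000000
2020-01-10T03:05:00 10.20.2.11 10.20.9.9 200000000
2020-01-10T03:10:00 10.20.3.12 10.20.9.9 100000000
2020-01-10T03:30:00 10.20.7.7 198.51.100.20 900000000
2020-01-10T04:30:00 10.20.5.44 203.0.113.50 700000000
"""

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def parse(line):
    ts, src, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)

def find_stage_then_ship(text):
    """Return internal hosts that collected data from several internal
    peers and then sent a comparable volume to an external address."""
    flows = sorted(parse(l) for l in text.splitlines() if l.strip())
    inbound = defaultdict(deque)   # host -> recent internal flows it received
    findings = []
    for ts, src, dst, nbytes in flows:
        if is_internal(src) and is_internal(dst):
            inbound[dst].append((ts, src, nbytes))
            continue
        if not is_internal(src):
            continue               # traffic arriving from outside: not this check
        recent = inbound[src]
        while recent and ts - recent[0][0] > LOOKBACK:
            recent.popleft()       # drop staging traffic older than the window
        peers = {peer for _, peer, _ in recent}
        staged = sum(b for _, _, b in recent)
        if (len(peers) >= MIN_PEERS and staged >= MIN_STAGED
                and nbytes >= SHIP_RATIO * staged):
            findings.append({"host": src, "dest": dst, "time": ts,
                             "peers": len(peers), "staged_bytes": staged,
                             "sent_bytes": nbytes})
    return findings

if __name__ == "__main__":
    for f in find_stage_then_ship(SAMPLE_FLOWS):
        print(f"{f['time']} {f['host']} gathered {f['staged_bytes']} bytes from "
              f"{f['peers']} internal hosts, then sent {f['sent_bytes']} to {f['dest']}")
```

In the sample, the file server at 10.20.9.9 (many sources, nothing sent out) and the large upload from 10.20.7.7 (nothing gathered first) are not flagged; only the host showing both halves of the pattern is.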

    3. Watch for ransomware. Ransomware has been wreaking havoc on healthcare facilities for years, and it's getting more sophisticated, experts say. It's unconfirmed what type of malware was involved in the cyberattack at UHS, but reports from employees have suggested the incident stems from a Ryuk ransomware attack, according to BleepingComputer, a computer and cybersecurity news site.

    Ryuk is a ransomware strain that hackers tend to use on large, enterprise organizations, said Ido Geffen, vice president of product at cybersecurity company CyberMDX. He said hackers deploying Ryuk will often spend weeks infiltrating and spreading throughout an organization's systems and devices, before making a ransom demand.

    Hackers are "taking their time," Geffen said.

    Miller declined to share what type of malware was involved in the cyberattack and how hackers were able to deploy it into UHS' systems, since the health system is still working on investigating the incident.

    "We're continuing to review the forensic evidence," Miller said. "We're only a few days into this, so we're just not ready to come to conclusions."

    4. Choose who to alert. Riggi recommended hospitals dealing with cyberattacks notify federal authorities—such as the FBI and the Homeland Security Department—who can help with responding to the incident. Organizations aren't required to notify the FBI after a cyberattack, but it's "strongly recommended," he said.

    If it's possible patient information has been breached as defined by HIPAA, UHS will also have to notify the affected individuals, local media outlets and HHS' Office for Civil Rights.

    Hospitals might also want to establish social media policies as part of incident response, Hudak said. Public information about the UHS cyberattack first emerged on Reddit, where employees posted about being unable to access phone and electronic systems. Knowing where information is shared is a key component of responding to an attack, he said.

    Organizations need to "get ahead of the curve and control the information going out," Hudak said.

    Modern Healthcare
    Copyright © 1996-2021. Crain Communications, Inc. All Rights Reserved.