Universal Health Services suffers cyberattack

Universal Health Services (UHS), one of the nation’s largest hospital management companies, on September 27 suffered a cyberattack that resulted in the company disconnecting all systems and temporarily shutting down its network. 

Upon discovering the attack, UHS took down systems for medical records, laboratories, and pharmacies across approximately 250 U.S. facilities, UHS President Marc Miller told the Wall Street Journal.

In a September 29 press release, UHS said it had implemented extensive information technology security protocols and was in the process of working with its security partners to restore IT operations.

UHS restored its IT network on October 5, and connectivity was re-established for all its U.S.-based inpatient facilities. Additionally, UHS said its major information systems such as the electronic medical record were not directly impacted.

According to UHS, no patient or employee data was accessed, copied, or misused during the attack. In addition, the company said its U.K. operations were unaffected.

The full scope of the attack has not yet been identified. UHS did not disclose information about the root of the cyberattack.

UHS operates 26 acute care hospitals, 328 behavioral health inpatient facilities, and 42 outpatient facilities and ambulatory care centers in 37 states across the U.S., Washington D.C., Puerto Rico, and the U.K.