Security News
UPDATE. Two more hospitals were hit with ransomware attacks this week as a growing number of criminals target healthcare facilities during the COVID-19 pandemic. The troubling trend prompted federal law enforcement and health officials, on Wednesday, to sound the alarm and issue a dire warning of more attacks to come.
The hospital chain Universal Health Services said Thursday that computer services at all 250 of its U.S. facilities were hobbled in last weekend's malware attack and efforts to restore hospital networks were continuing. Doctors and nurses at affected hospitals and clinics, many already burdened with coronavirus care, have had to rely on manual record-keeping, with lab work slowed.
The attack involved ransomware - Ryuk ransomware, to be more specific. Ryk extension and another employee described a ransom note that points to Ryuk ransomware.
Universal Health Services over the weekend shut down the IT networks at multiple hospitals in the United States, after being hit with a cyberattack. On Monday, some of the company's employees took to Reddit to share information on a cyberattack that forced the shutdown of computers at UHS facilities nationwide.
UHS insists patient care continues to be delivered and that "No patient or employee data appears to have been accessed, copied or otherwise compromised." A UHS spokesperson declined to provide further details or to comment on unsubstantiated claims made via social media suggesting the involvement of the Ryuk ransomware family.
A ransomware attack has shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. In an official statement given out on Monday, UHS noted: "The IT Network across Universal Health Services facilities is currently offline, due to an IT security issue. We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively."
The Doppelpaymer ransomware gang were behind the cyber-attack on a German hospital that led to one patient's death, according to local sources. The Aachener Zeitung newspaper carried a report from the German Press Association that Doppelpaymer's eponymous ransomware had been introduced to the University Hospital Düsseldorf's network through a vulnerable Citrix product.
The Doppelpaymer ransomware gang were behind the cyber-attack on a German hospital that led to one patient's death, according to local sources. The Aachener Zeitung newspaper carried a report from the German Press Association that Doppelpaymer's eponymous ransomware had been introduced to the University Hospital Düsseldorf's network through a vulnerable Citrix product.
German authorities probing a cyber attack on a hospital's IT system that led to a fatal delay in treatment for a critically ill woman believe the software used can be traced back to Russian hackers. In an update to lawmakers published on Tuesday, prosecutors wrote that hackers used malware known as "Doppelpaymer" to disable computers at Duesseldorf University Hospital on September 10, aiming to encrypt data and then demand payment to unlock it again.
German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away. The attack, which exploited a Citrix ADC CVE-2019-19781 vulnerability to cripple the hospital systems on September 10, is said to have been "Misdirected" in that it was originally intended for Heinrich Heine University, according to an extortion note left by the perpetrators.