UHS Confirms 250+ Locations Affected by Malware

Company expects rapid reconnection

King of Prussia, Pa.-based Universal Health Services confirmed that all 250-plus U.S. locations were affected by malware and expects systems to be recovered and applications reconnected soon, according to ABC News and a statement from the health system.

The attack occurred on Sept. 27 and the health system disconnected systems and shut down its network to prevent any further spread of the malware. Over the past week, clinicians have reverted to using paper records to continue treating patients, and in some cases canceled elective procedures or diverted ambulances to other locations during the downtime.

Clinicians also reported more confusion during patient hand-offs because they did not have access to the patients’ electronic records. However, the health system has begun recovery efforts.

On Oct. 1, the health system issued the following statement: “The UHS IT Network is in the process of being restored and applications are being reconnected. We have a large number of corporate-level administrative systems, and the recovery process is either complete or well underway in a prioritized manner. We are making steady progress and are confident that we will be able to get hospital networks restored and reconnected soon.”

Our major information systems such as the electronic medical record (EMR) were not directly impacted; we are focused on restoring connections to these systems. In the meantime, our facilities are using their established back-up processes including offline documentation methods.

All patient safety protocols remain in effect and patient care continues to be delivered safely and effectively at our facilities across the country. As we conduct our IT remediation work, we continue to have no indication that any patient or employee data has been accessed, copied or misused. As previously stated, the company’s UK operations were not impacted.”

UHS has reported that its EHR was not directly impacted by the attack and it is focusing efforts to restore system connections, but facilities are still using downtime procedures and offline documentation. The health system also reported no indication that patient or employee data was inappropriately accessed during the incident.

SOURCE: Becker’s Hospital Review

About The Author