Cyber criminals have caused big trouble to the healthcare sector during the pandemic. Universal Health Services (UHS) is just one of the companies that fell victim to a ransomware attack, but it illustrates just how lucrative this cyber activity is and how devastating it can be for the victim.
Universal Health Services, one of the U.S.’s largest and most respected providers of hospital and healthcare services, says an apparent ransomware attack last fall caused $67 million in pre-tax losses.
The breach at Universal Health Services on September 27 last year, widely reported to be a ransomware attack, was apparently caused by a Ryuk strain. The UHS’s phone system was taken down, and access to computers and electronic health records was lost; the company’s employees had to use pen and paper to record patient information.
Only now UHS calculated and revealed the cost of the breach. The most costly was to divert ambulances to the partner facilities and to restore its IT systems, the company said in a Feb. 25 earnings statement. Although UHS reported over $3 billion in revenue in the fourth quarter last year, the incident delayed billing for over two months.
Last year, a wave of Ryuk attacks hit computer networks of various U.S. hospitals that federal authorities scrambled to address. Amidst a slew of ransomware attacks during the pandemic, the U.S. government pledged to allocate more resources to fight ransomware.
A 2020 IBM study showed data breaches cost healthcare companies more than $7 million per incident.
UHS, which operates 400 hospitals and behavioral health facilities in the United States and United Kingdom, hopes its insurance provider would cover a significant chunk of the losses. UHS claims under the company’s cyber-insurance policy, they are “entitled to recovery of the majority of the ultimate financial impact resulting from the cyberattack.”