Senator questions UHS on cyberattack

U.S. Sen. Mark Warner,D-Va., sent a letter to King of Prussia, Pa.-based Universal Health Services filled with questions about a recent cyberattack that threatened operations at the health system’s 400 locations.

UHS discovered what it thought to be a ransomware attack and disconnected its IT system on Sept. 27. The system said it spent eight days restoring its IT network and was fully online Oct. 5. While offline, clinicians and staff used paper records to document patient encounters, postponed some elective services and in some cases rerouted emergency care.

Sen. Warner’s letter, dated Oct. 9, includes 10 questions asking UHS about its vulnerability management process, cybersecurity protections and malware prevention measures. The letter also inquires about the senior executive responsible for oversight of information security and whether the health system paid a ransom to the attackers.

“Patients deserve to know that healthcare systems are secure, particularly as the nation faces a pandemic straining resources nationwide,” Mr. Warner wrote in the letter. “When a cybersecurity failure occurs, patients need reassurance that their healthcare provider is committed to learning from and responding to this truly concerning incident and that it is taking all appropriate steps to ensure it cannot happen again.”

Mr. Warner asked UHS to respond within two weeks. The health system typically supports about 3.5 million patient visits per year and reports $11 billion in annual revenue.

More articles on cybersecurity:
Michigan hospital discovers unsecured link to patient data on computer: 3 details
The 10 healthcare organizations most affected by cyberattacks in 2020
Microsoft disrupts ransomware distributor with ties to Ryuk: 5 notes


© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.