A key health care supplier whose systems were being knocked offline for three months by a ransomware attack has been questioned by a US senator to respond to issues about its cybersecurity practices.
Universal Health and fitness Services announced on Monday that all 400 of its health and fitness process web-sites have been back again on-line just after currently being strike by a cyber-attack in the early hrs of September 27.
UHS initially reported the attack as an “Information and facts Technology security incident,” but employees who took screenshots of the attack confirmed that ransomware was liable for the disruption.
As a result of the incident, UHS disconnected all units and shut down the network to avert even further propagation. While some hospitals diverted ambulances and some lab exam final results were delayed, the company said that “affected person care was shipped securely and properly at our facilities across the region making use of set up back again-up procedures, which include offline documentation strategies.”
Following the attack, former technology entrepreneur and vice chairman of the Senate Intelligence Committee, Senator Mark Warner, has written to UHS to specific problems concerning their cybersecurity steps.
Warner advised the Fortune 500 business that with once-a-year earnings of a lot more than $11bn, it must have a cybersecurity posture “sufficiently experienced and robust to prevent important interruptions to overall health care operations.”
In his letter dated October 9, the senator questioned UHS around its vulnerability administration system, third-get together risk administration, defense of scientific healthcare equipment, and ability to isolate networks to avoid lateral motion by attackers.
Warner also questioned UHS to state whether it had paid a ransom to its attackers and to validate no matter if any affected individual medical documents, HIPAA-secured facts, or health care info has been impacted or endured a denial of accessibility as a end result of the attack.
On October 12, UHS stated: “In the course of the IT remediation get the job done we have had no sign that any client or personnel info was accessed, copied or misused.”
UHS, which is headquartered in King of Prussia, Pennsylvania, operates services in Puerto Rico, the United Kingdom, and the United States. In a statement released on September 29, the firm explained that its Uk functions ended up not impacted by the attack.