Universal Health Services (UHS), one of America's largest healthcare providers, has been hit by an alleged ransomware attack.
The company's IT networks have been taken offline by what is thought to be another case of Ryuk ransomware.
The most popular ransomware strains targeting UK businesses Selective ransomware Ryuk nets $4m from big businesses Spanish Ryuk ransomware attack hints at new WannaCry
Despite being relatively new, Ryuk has quickly built a fearsome reputation for attacks on enterprise-level businesses. It is ransomware that uses encryption to block access to a system until a ransom is paid.
This strain of malware hit UHS systems on Sunday, according to reports, shutting down its IT networks and forcing its workers to use "offline documentation". UHS provides healthcare for profit at some 400 hospitals and facilities across the US and in the UK.
"The IT network across Universal Health Services facilities is currently offline due to an IT security issue," the organisation said in a statement. "We implement extensive IT security protocols and are working diligently with our IT security partners to restore operations as quickly as possible."
One hospital worker told TechCrunch that their computer screen changed with text that referenced the "shadow universe", which is often the case with Ryuk ransomware attacks.
"Everyone was told to turn off all the computers and not to turn them on again," the unnamed person said. "We were told it will be days before the computers are up again."
It is not immediately known what effect the attack is having on patient care, or how widespread the infection is, but UHS has said that "no patient or employee data appears to have been accessed, copied or otherwise compromised".
Although the exact origin of Ryuk is unknown, it has been linked to a Russian cyber crime group called WizardSpider, which are known to go "big game hunting" - meaning they target larger organisations.
A number of Spanish organisations were hit by the ransomware earlier in the year, and there are fears it could lead to 'WannaCry' levels of disruption.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
