The American hospital chain Universal Health Services (UHS) has been grappling with a computer attack since this weekend, which resulted in making part of its computer system inaccessible.
This computer attack has direct consequences on the care of patients, already complicated by the Covid-19 pandemic. Due to a lack of computer tools, caregivers had to resort to paper and pencil.
A very tense situation
Employees interviewed by the Associated Press (AP) described a very complicated situation on Monday evening, with paralysis having lengthened the wait in the emergency room and preventing caregivers from knowing precisely which of their patients was infected with Covid-19. Others reported having difficulty communicating, sometimes due to a lack of telephone, accessing test results, tests and medication prescriptions.
“As I speak to you, we have lost access to all records and patient history” an employee of a Texas UHS hospital told AP. On condition of anonymity, the latter explained that the waiting time for emergencies had been reduced from forty-five minutes to six hours and that some devices transmitting measurements of heart rate, blood pressure or oxygen levels by Wi-Fi had to be shut down, restarted and then plugged in with cables to communicate again.
UHS is a health heavyweight in the United States: As one of the nation’s 500 largest companies, it operates more than 400 health facilities across the United States, boasts of treating 3.5 million patients each year and employs nearly 90,000 people.
The company defends itself against any impact on patients
In a statement, the company first acknowledged a ” computer problem “, which does not prevent taking charge “Safe and efficient” patients, whose data would not have been “Copied or used” by pirates. Some of the inaccessible systems were intentionally disconnected to stop the attack from spreading, Marc Miller, president of Universal Health Services, suggested in an interview with Wall Street Journal.
According to him, and contrary to what the testimonies of his employees suggest, no harm was caused to the patients. With the American daily, the head of the company also assured that the pharmacy data was backed up every 24 hours, making it easier to restore. He also suggested that 250 establishments in his group would be affected by the disruptions. Hospitals run by the company in the UK have escaped ransomware, according to a spokesperson on Monday evening by AP.
The company and its manager are at this stage very discreet about the exact nature of this cyber attack. However, all indications point to the involvement of ransomware, a computer virus that renders data and computers inaccessible and demands a ransom to restore them to use.
Ransomware particularly affects hospitals, where computer systems, very heterogeneous, are difficult to protect and whose data, particularly valuable, is easy to monetize for hackers, especially in the United States where health institutions are companies like others. In 2019, 764 of them were affected, according to data from the specialist company Emsisoft, cited by the AP agency.
German authorities recently made public what appears to be the first death linked to such an incident. A patient sent to another facility by a hospital unable to manage her due to a ransomware attack died while being transferred. In France, several health establishments have been affected by attacks of this kind. The most serious case affected the Rouen University Hospital at the end of 2019. Here too, the caregivers had to take out the reams of paper and dust their pens, for lack of a computer system.