UHS hit with massive cyberattack as hospitals reportedly divert surgeries, ambulances

A major hospital chain has been hit by a massive cyberattack that reportedly has taken down all of its IT systems.

Computer systems at Universal Health Services (UHS), which operates 400 hospitals and behavioral health facilities in the U.S. and the U.K., began to fail over the weekend, and some hospitals have had to resort to filing patient information with pen and paper, according to multiple people familiar with the situation, NBC reported Monday.

UHS hospitals in the U.S. including those from California, Florida, Texas, Arizona, and Washington D.C. are reportedly left without access to computer and phone systems. Affected hospitals are redirecting ambulances and relocating patients in need of surgery to other nearby hospitals, according to media reports.

UHS has more than 90,000 employees and provides healthcare services to approximately 3.5 million patients each year.

The health system did no respond to a request for comment but issued a statement Monday that its IT network across its facilities is currently offline, due to an IT security issue.

"We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively," UHS said in the statement.

RELATED: Inova Health System latest hospital impacted by ransomware attack on software vendor

The health system said no patient or employee data appears to have been accessed, copied or misused.

UHS employees began reporting problems on Monday via Reddit saying the attack has been shutting down computers at various hospitals, forcing them to turn away patients, PC Mag reported.

One Reddit user working at a UHS facility in the Southeast wrote that multiple antivirus programs were disabled by the attack and "hard drives just lit up with activity."

The employee said patients were sent away as part of EMS diversion. "We have no access to anything computer based including old labs, EKGs, or radiology studies. We have no access to our PACS radiology system. No patients died tonight in our ED but I can surely see how this could happen in large centers due to delay in patient care," the Reddit user said.

RELATED: Hacker arrested for 2014 UPMC data breach involving 65K employees

An employee at a California facility also reported via Reddit that the ER is closed to ambulances and operating rooms are closed and all ambulances and surgeries are being rerouted.

BleepingComputer reported that a notorious ransomware strain known as Ryuk appears to be behind the attack. An employee said during the cyberattack files were being renamed to include the .ryk extension. This extension is used by the Ryuk ransomware, BleepingComputer reported.

An UHS employee also said one of the impacted computers' screens changed to display a ransom note reading "Shadow of the Universe," a similar phrase to that appearing at the bottom of Ryuk ransom notes.

Based on information shared with BleepingComputer, the attack on UHS' system likely started via a phishing attack.

In 2017, a ransomware strain called WannaCry spread across the world and infected the U.K.'s National Health System. The attack disrupted at least 80 medical facilities, though there were no publicly reported deaths associated with the incident.