UHS restores IT service to hospitals, corporate data centers following massive ransomware attack

illustration of closed padlock on digital background representing cybersecurity
Universal Health Services said Monday it has made "substantial progress" toward restoration of online operations across all UHS IT networks. (ranjith ravindran/Shutterstock)

A week after being hit with a massive cyberattack, Universal Health Services said Monday that it has restored its corporate data centers.

The health system also said connectivity has been reestablished for all U.S.-based inpatient facilities.

UHS did not specify in its update whether it had paid any ransom to the hackers.

In a release on Oct. 3, UHS confirmed the ransomware attack reported a week ago affected 250 U.S. care sites and hospitals, spurring providers to rely on backup processes including offline documentation methods.

UHS experienced the massive cyberattack early Sunday morning, Sept. 27, at which time its IT department quickly disconnected all systems and shut down the network in order to prevent further propagation, the health system said.

The organization was hit with a notorious ransomware strain known as Ryuk, according to media reports. Affected hospitals had to redirect ambulances and relocate patients in need of surgery to other nearby hospitals, according to media reports.

RELATED: UHS breach shows the dangers facing hospitals with growing ransomware threats

It's just the latest example of the growing cyberthreats facing hospitals and health systems already reeling from the impact of the COVID-19 pandemic.

The health system said Monday it has made "substantial progress" toward restoration of online operations across all UHS IT networks. The network has been restored, and applications are in the process of being reconnected, the organization said.

Major information systems such as the electronic medical record were not directly impacted.

"We are in the process of restoring connections to these systems and back-loading data from the past week. More than half of our acute care hospitals are live already or scheduled to be live by the end of today," UHS said.

RELATED: UHS hit with massive cyberattack as hospitals reportedly divert surgeries, ambulances

King of Prussia, Pennsylvania-based UHS, one of the largest U.S. health systems, said it deployed a significant number of IT and clinical resources to the hospitals to support the resumption of online operations. The go-lives will continue on a rolling basis as clinicians continue to use backup processes including pen-and-paper documentation for patients.

"As we conduct our IT remediation work, we continue to have no indication that any patient or employee data has been accessed, copied or misused," the health system said.

The company's U.K. operations were not impacted.

The Department of Health and Human Services’ Office of the Assistant Secretary for Preparedness and Response last week issued an update (PDF) on the Ryuk ransomware threat to the healthcare and public health sectors.