Universal Health Services, a large hospital system with more than 400 locations across the country, was still working Tuesday to get its network and operations back online after a cyberattack early Sunday morning.
“We are making steady progress with recovery efforts,” the Pennsylvania-based company said in a statement late Tuesday. “Certain applications have already started coming online again, with others projected to be restored on a rolling basis across the U.S.”
The company said it “experienced an information technology security incident in the early morning hours of September 27, 2020,” and as a result it was forced to shut down its entire computer network, impacting patient data, laboratory systems and clinical information.
“Patient care continues to be delivered safely and effectively,” the company’s statement noted, adding that at the moment there’s “no evidence that patient or employee data was accessed, copied or misused.”
Dr. Jonathan Reiner, a cardiologist at George Washington University Medical Center, a UHS acute care hospital impacted by the attack, told CNN it may take several days to reset the system.
“They proactively took down all, their entire network, to protect the network when they detected the attack and they’re working using these downtime protocols to maintain clinical operations in a safe way while they slowly bring systems back up online,” he said.
In the meantime, he said it’s a “big deal.”
Reiner said the affected facilities are back to using manual systems, which was once the norm, so patient safety isn’t necessarily a problem at all. “But it’s a big deal. It’s a big deal,” he repeated.
He said he had to cancel several surgical procedures Tuesday and added it’s “much more cumbersome to track down patient data.”
The UHS statement said its facilities are using “established back-up processes including offline documentation methods” — meaning pen and paper.