Hospital chain with ties to Hampton Roads continues to deal with major IT security incident

Posted at 3:15 PM, Sep 29, 2020
and last updated 2020-09-29 22:06:15-04

HAMPTON ROADS, Va. – A major hospital chain says they are working with their security partners to restore their Information Technology operations as quickly as possible after what they are calling an IT security incident that happened in the early morning hours of September 27.

Universal Health Services operates internationally in Britain and has more than 250 hospitals and clinical facilities across the country, including several in Hampton Roads:

  • Kempsville Center for Behavioral Health – Portsmouth
  • Harbor Point Behavioral Health Center – Portsmouth
  • First Home Care – Tidewater – Portsmouth
  • Virginia Beach Psychiatric Center – Virginia Beach
  • Newport News Behavioral Health Center – Newport News
  • Cumberland Hospital – New Kent

They said they suspended user access to their IT applications and are now working to fix the issues.

The hospital chain said they have no evidence that patient or employee data was accessed, copied or misused.

Tidewater Community College Professor Gregg Tennefoss is an IT expert.

He said every business and individual needs to be aware that cybercriminals are constantly looking to gain data and information by breaking into security systems.

He said the criminals are looking to attack schools, hospitals, cities, government agencies and individuals.

He said cyberattacks happen frequently - even to companies with protection.

“They could have really good security or great security, and it still gets through,” said Tennefoss.

In this incident, doctors and nurses were forced to use backup paper systems due to the outage. They say this caused delays and backups.

“Technology is like everything else in the world; if it can do good, it can do bad,” said Tennefoss. “The tools we use to secure computers can also be used to attack computers.”

He said it’s a good reminder for everyone to protect their cellphones and computers by not clicking on unknown emails, pop-ups or links.

“It’s just a fact of life in 2020,” said Tennefoss.

Below is an updated statement the company issued Tuesday night:

The IT Network across Universal Health Services (UHS) facilities is currently offline, as the company works through a security incident caused by malware. The cyber attack occurred early Sunday morning, at which time the company shut down all networks across the U.S. enterprise. We have no indication at this time that any patient or employee data has been accessed, copied or misused. The company's UK operations have not been impacted.

UHS implements extensive IT security protocols to protect our systems and data, and we are working diligently with our IT security partners to restore IT infrastructure and business operations as quickly as possible. We are making steady progress with recovery efforts. Certain applications have already started coming online again, with others projected to be restored on a rolling basis across the U.S.

In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively.
Universal Health Services, Inc.