The American hospital chain Universal Health Services (UHS) has been grappling, since this weekend, with a computer attack which resulted in making part of its computer system inaccessible.
This computer attack has direct consequences on the care of patients, already complicated by the Covid-19 pandemic. For lack of computer tools, caregivers had to resort to paper and pencil.
A very tense situation
Employees interviewed by the Associated Press (AP) news agency described a very complicated situation on Monday evening, the paralysis having lengthened the wait in the emergency room and preventing caregivers from knowing precisely which of their patients was infected with Covid-19. Others reported having difficulty communicating, sometimes due to a lack of telephone, in accessing test results, examinations and drug prescriptions.
“As I speak to you, we have lost access to all records and patient history” an employee of a Texas UHS hospital told AP. On condition of anonymity, the latter explained that the waiting time for emergencies had been reduced from forty-five minutes to six hours and that some devices transmitting measurements of heart rate, blood pressure or oxygen levels by Wi-Fi had to be turned off, restarted and then plugged in with cables to communicate again.
UHS is a health heavyweight in the United States: As one of the nation’s 500 largest companies, it operates more than 400 health facilities across the United States, boasts of treating 3.5 million patients each year and employs nearly 90,000 people.
The company defends itself against any impact on patients
In a statement, the company first acknowledged a ” computer problem “, which does not prevent the assumption of “Safe and efficient” patients, whose data would not have been “Copied or used” by pirates. Some of the inaccessible systems were intentionally disconnected to stop the spread of the attack, Marc Miller, president of Universal Health Services, suggested in an interview with Wall Street Journal.
According to him, and contrary to what the testimonies of his employees suggest, no damage would have been caused to the patients. With the American daily, the business manager also assured that the pharmacy data was backed up every twenty-four hours, making it easier to restore them. He also suggested that 250 establishments in his group would be affected by the disruptions. Hospitals run by the company in the UK have escaped the ransomware, according to a spokesperson on Monday evening by AP.
The company and its manager are at this stage very discreet about the exact nature of this computer attack. However, everything seems to indicate the involvement of ransomware, a computer virus that makes data and computers inaccessible and demands a ransom to restore use.
Ransomware particularly affects hospitals, where computer systems, very heterogeneous, are difficult to protect and whose data, particularly valuable, is easy to monetize for hackers, especially in the United States where health institutions are companies like others. In 2019, 764 of them were affected, according to data from the specialized company Emsisoft, cited by the AP agency.
German authorities recently made public what amounts to the first death linked to such an incident. A patient, sent to another facility by a hospital unable to manage her due to a ransomware attack, died while being transferred. In France, several health establishments have been affected by attacks of this kind. The most serious case affected the Rouen University Hospital at the end of 2019. Here too, the caregivers had to take out the reams of paper and dust their pens, for lack of a computer system.
