WASHINGTON (Reuters) – Hospital chain Universal Health Services’ network remains offline on Tuesday, two days after falling prey to a malware attack, the company said.
UHS, which operates about 400 hospitals and care centers across the United States and the United Kingdom, said in a statement it was dealing with a “security incident caused by malware.” The company said its British operations had not been impacted.
UHS has provided few details, but experts and employees said the outage had the hallmarks of ransomware, a breed of malicious software that locks users out of their computers until a digital payment is made.
UHS employees have reported disruptions across the country as doctors and nurses scrambled to rewire machines and switch to pen and pen paper recordkeeping.
At UHS’s Cedar Hills Hospital outside Portland, Oregon, prescriptions and delivery of medication to patients were disrupted, one employee said, noting that some patients were agitated and shouting at nurses.
“In a psych ward it’s very problematic,” the employee said, speaking on condition of anonymity because he was not authorized to speak to the media. “Psychiatric patients need their medication. It causes a lot of tension and stress.”
UHS spokeswoman Jane Crawford said in an email that Cedar Hills Hospital was using “a downtime protocol that allows us to manage medications manually” and that prescriptions for discharged patients were being written down manually.
“We are confident that we can and will continue to meet the needs of our patients,” she said.
In a statement released earlier Tuesday, Crawford acknowledged that “this matter may result in temporary disruptions to certain aspects of our clinical and financial operations.”
She forwarded the emails to Reuters using her personal email address; emails sent to her professional account were returned as undeliverable.
Reporting by Raphael Satter; Editing by Alistair Bell and Leslie Adler