Universal Health Services reports $67 million in losses after apparent ransomware attack

Cybercrime has been costly to the health sector during the pandemic.

An apparent ransomware attack last fall caused $67 million in pre-tax losses at Universal Health Services, the U.S. health care provider has revealed, illustrating the sharp financial toll that criminal hackers have taken on the sector during the pandemic.

The Sept. 27 breach at Universal Health Services (UHS) was widely reported to be a ransomware attack, with some analysts saying it involved the Ryuk strain of malicious code. It came amid a wave of suspected Ryuk incidents on the computer networks of various U.S. hospitals that federal authorities scrambled to address.

UHS, which oversees 400 hospitals and calls itself one of the biggest health care providers in the country, now says the cost of the breach included lost revenue because ambulances were diverted to competitor facilities. The incident also delayed billing procedures for more than two months, and forced UHS to spend big on labor costs to restore connectivity, the company said in a Feb. 25 earnings statement. Coding and billing delays caused by the hack carried into December.

Data breaches cost health care companies on average more than $7 million per incident, according to a 2020 IBM study. A slew of ransomware attacks during the pandemic has only put more pressure on a sector dealing with a shortage of security personnel. Alejandro Mayorkas, the newly minted Homeland Security secretary, has pledged more government resources to fight ransomware.


UHS, which reported more than $3 billion in revenue in the fourth quarter, suggested its insurance provider would cover a significant chunk of the losses. Under the company’s cyber-insurance policy, it said, “we believe we are entitled to recovery of the majority of the ultimate financial impact resulting from the cyberattack.” (A UHS spokesperson did not respond to a request for comment on the company’s insurance policy.)

Smaller clinics sometimes fare far worse. Wood Ranch Medical, a health care clinic in California, said it would have to close after a 2019 ransomware attack cut off access to patient records.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
