Skip to main content
close search
site logo
Dive Brief

UHS estimates Ryuk ransomware damage cost at $67M

Published March 2, 2021
Samantha Schwartz's headshot
Samantha Schwartz Reporter
UHS

UHS

Dive Brief:

  • United Health Services (UHS) estimates its September Ryuk ransomware attack cost it $67 million in unfavorable pre-tax costs in 2020, according to its Q4 and year-end earnings released Thursday.
  • In the immediate aftermath of the cyberattack, UHS suspended IT applications for U.S.-based operations and used offline patient documentation. Patients and ambulances were redirected to other, sometimes competitor, facilities in the interim.  
  • Coding and billing functions were delayed into December, which had a negative impact on UHS' operating cash flows in Q4.

Dive Insight:

UHS realized about $12 million in losses in Q3, followed by another $55 million in Q4. The majority of the losses was due to lost operating income in acute care services, UHS said. The operating income suffered from a decline in patience activity and "increased revenue reserves recorded in connection with the associated billing delays." 

The healthcare organization is unable to provide an estimate of "receipt timing, or amount, of the proceeds that we may receive" from its insurance carrier at this time. However, UHS expects "we are entitled to recovery of the majority of the ultimate financial impact resulting from the cyberattack." 

While cyber insurers are trying to evolve to meet today's demands, traditional insurance policies fall short. In Q4 2019, cyber insurance premiums increased by only 3% on average, despite a historic year in ransomware attacks on the healthcare industry. 

Even with cost containment at top of mind, cyber insurers aren't drastically increasing their rates or scale back coverage. In some cases remnants of a malicious actor can remain in a system, leading to future coverage to make up for incurred losses.

The UHS ransomware attack impacted more than 250 hospitals in the U.S., sparing those based in the U.K. While certain IT systems, including its electronic health records, were unaffected by the hack, the healthcare organization was delayed in the recovery process. 

The hospital group disclosed the ransomware attack two days after the organization found it on Sept. 27, 2020. UHS restored IT applications on a "rolling/staggered basis" in its acute care and behavioral health facilities throughout October, according to the report. 

Part of UHS' initial recovery included "re-establishing connections to all major systems and applications, including electronic medical records, laboratory and pharmacy systems," the organization said in October. The applications sat across acute care facilities and corporate accounts. 

Ryuk operators latch onto legitimate credentials to extend their access in networks. After a target opens a phishing email, Ryuk's infection-to-deployment time can be as little as 3 hours, 30 minutes but on average the "time to Ryuk" is just under six days, according to Sophos and Mandiant

Recommended Reading

Filed Under: Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Cyberattacks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell