Five things to know:
1. UHS experienced the cyberattack from Sept. 27, 2020, into October 2020; the health system said it was forced to divert patients to competitor facilities, saw steep increases in labor expenses to restore its networks, and experienced administrative functions such as coding and billing delayed into December.
2. These factors had “a negative impact on our operating cash flows during the fourth quarter of 2020,” UHS said in financial documents released Feb. 25.
3. UHS said the breach had an unfavorable pretax effect of $67 million, with $55 million in the fourth quarter of 2020 and $12 million in the third quarter of 2020.
4. UHS didn’t pay a ransom, and a health system spokesperson told the Journal that UHS believed it would be entitled to recoup costs through insurance.
5. During the cyberattack, UHS shut down computer systems for medical records, labs and pharmacies across 250 U.S. facilities. This caused disruptions including ambulance diversions and sending patients to different surgeons for care, UHS CFO Steve Filton told investors in January, according to the report.
“I think, intellectually, you know that we’re very reliant on our information technology,” Mr. Filton said, “but you don’t really realize how much you are until something disrupts that.”
More articles on cybersecurity:
North Dakota hospital informs 1,500 patients of data breach
More than 350K health records breached in February
FBI finds 79,100 Georgia medical center patients’ data on unauthorized computer
