PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Ransomware Hits Healthcare Provider UHS, Shuts Down Hospital IT Systems

Although Universal Health Services largely runs behavioral healthcare facilities, it also operates some emergency care centers, potentially putting patients' lives at risk.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

A ransomware attack appears to have taken down all IT systems at Universal Health Services (UHS), which operates 400 hospitals and behavioral health facilities in the US and the UK. 

UHS employees began reporting problems on Monday via Reddit; the attack has been shutting down computers at various hospitals, forcing them to turn away patients, they say.

One UHS employee based in Arizona told PCMag that the disruption has been blamed on ransomware infecting hospital systems. “Everything is down. No access to any computer at all," the employee said. The hospital has only recently managed to restore the phone system. 

“I believe we are turning patients away,” the employee added. “We have been doing everything on paper charts. What gets me is we had no downtime protocols in place. It’s all been improv.”

BleepingComputer reports that a notorious ransomware strain known as Ryuk appears to be behind the attack, which has encrypted computers across the UHS network, making them impossible to access. 

Recommended by Our Editors

Wikipedia Editors Could Strike Following Layoffs
Wikipedia Editors Could Strike Following Layoffs
Blue Origin’s New Glenn Rocket Explodes Spectacularly During Ground Test
Blue Origin’s New Glenn Rocket Explodes Spectacularly During Ground Test
Google Engineer Charged for Using Insider Info to Win $1.2M on Polymarket Bets
Google Engineer Charged for Using Insider Info to Win $1.2M on Polymarket Bets

Ransomware can often be delivered via phishing emails or by exploiting vulnerabilities in a company's IT system. The hackers behind the assault will then post a ransom note, demanding the victims pay up in Bitcoin. 

The attack on UHS could put patient lives at risk, which is what many security experts have long feared might occur after an attack on a major hospital system. UHS operates 328 inpatient behavioral healthcare facilities, one surgical hospital, six “ambulatory” surgery centers, and 14 “freestanding emergency departments.”

In a statement, UHS confirmed IT systems were down across the company’s hospitals. But for now, UHS is attributing the problems to “an IT security issue.” The healthcare provider also says patient safety isn't at risk.

“In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively,” UHS said. "No patient or employee data appears to have been accessed, copied or otherwise compromised."

According to a UHS employee on Reddit, the attack occurred on Sunday morning at 2 a.m. “I was sitting at my computer charting when all of this started. It was surreal and definitely seemed to propagate over the network,” the user wrote. “All machines in my department are Dell Win10 boxes. When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. After 1 min or so of this the computers logged out and shut down.”

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio