Statement from Universal Health Services
Updated Thursday, October 29, 2020, 4:30 pm ET — As previously disclosed on September 29, 2020, we experienced an information technology security incident in the early morning hours of September 27, 2020. As a result of this cyberattack, we suspended user access to our information technology applications related to operations located in the United States. While our information technology applications were offline, patient care was delivered safely and effectively at our facilities across the country utilizing established back-up processes, including offline documentation methods.
Since that time, our information technology applications have been restored at our acute care and behavioral health hospitals, as well as at the corporate level, thereby re-establishing connections to all major systems and applications, including electronic medical records, laboratory and pharmacy systems. With the back-loading of data substantially complete at this point, our hospitals are resuming normal operations.
We have worked diligently with our information technology security partners to restore our information technology infrastructure and business operations as quickly as possible. In parallel, we immediately began investigating the nature and potential impact of the security incident and engaged third-party information technology and forensic vendors to assist. Although the investigation remains ongoing, no evidence of unauthorized access, copying or misuse of any patient or employee data has been identified to date.