6 Cybersecurity Lessons from the Universal Health Cyber Attack

Nov 7, 2020

In late September 2020, computer systems at Universal Health Services Inc. (UHS), one of the nation’s largest hospital chains, were taken offline after a malicious ransomware attack crippled the company’s computers and led it to cancel surgeries and divert some ambulances. In the midst of a global pandemic, it sent healthcare providers across the world scrambling to make sure their networks were secure. Since that time, copycat attacks on healthcare-related facilities and firms have become increasingly common.

While UHS is a large organization, healthcare providers of all sizes must ensure they are doing their due diligence to protect their networks and their patients. As a CIO with a long career focused on cybersecurity in healthcare, I’ve learned you can’t be too cautious when it comes to networks. There is always room for improvement and, while it doesn’t necessarily cost a lot of money to protect a network, it does cost time. The more you prepare for something like this now, the more it will mitigate risk when a breach happens. Just remember, it’s not a matter of if a cyberattack will happen, but of when.

Our company, VALiNTRY360, is a digital transformation company, but we work hard with our clients on the front end to make sure security protocols are put in place. Some of those protocols have nothing to do with the networks themselves. These include:

Employee Awareness

The number one issue in protecting any healthcare organization’s network is employee awareness. Contrary to popular belief, most hacks do not happen because of employee integrity or character issues. They are primarily due to negligence and ignorance. Often a breach happens when employees have lowered their guard. For example, phishing emails can be disguised as coming from companies such as Apple or Microsoft, requesting an update or password change with a provided link. Of course, this link is actually designed to capture passwords and other sensitive information, which will enable threat actors to access your network and create a breach.

The best weapon against these types of threats is education. Organizations should regularly train their teams to recognize red flags such as phishing emails or “smishing” text messages. This must happen on a regular basis. One option is to send emails once every few weeks educating teams on possible red flags and what to do if they recognize one. If your team is working remotely, consider holding mandatory webinars on recognizing suspicious activity, both online and in physical offices, to decrease your overall risk.


Sometimes you can catch a problem before it ever happens. If you are a healthcare provider and have Salesforce, like many of our clients, we recommend using data monitoring products tailored to Salesforce, such as Salesforce Shield or FairWarning. Products like these have settings designed to notify administrators if there is any unusual or unauthorized activity, which can help prevent breaches from ever happening. But no software is perfect. Every system needs a human element, with team members focused on various responsibilities to stop a breach, as well as proper and early reporting when a breach occurs.

Policies and Procedures

Make sure your team has very detailed policies and procedures established to mitigate a breach. At some level, the entire organization needs to understand the importance of, and their roles and responsibilities in, the continued cybersecurity of the organization. These policies and procedures must be updated and communicated when something changes. Leadership must have a plan for every step of the employee experience. For example, what happens when new team members are hired? What elevates an activity from a potential to an actual threat? What happens when an employee leaves? These policies ensure that threat actors are neutralized before they are able to inflict harm on the network or leverage the firm’s data with malicious intent.

Network Access

One of the most important policies a firm can develop is its Network Access Policy. It is important that team members not have access to the network beyond their job function and seniority level. The last thing IT security teams want is for an employee to make a mistake with data they should never have accessed and are not trained to use. On the flip side, setting access restrictions that are too draconian can lead to frustration, lack of efficiency, and poor performance. So take the time to thoughtfully consider and regularly evaluate your team’s access protocols, as doing so can pay great dividends in the long run.

Test for Vulnerabilities

Organizations usually have some type of security software such as anti-virus, anti-malware, and anti-phishing software. With automatic updates, it is easy to keep licenses on each computer up to date. However, it is equally important to test the software. This can be done by an inside team member sending an email that mirrors an actual phishing email. Better yet, hire an outside organization to try to “hack” your system. Upon completion, you should expect to receive a detailed report on vulnerabilities within your network, which can then be used as a roadmap for improvements and training. While there is a price tag associated with these tests, they are more than worth it compared to the costs associated with an actual cyberattack.


Finally, find the right balance for the frequency of data backups. Daily backups can be costly and monthly might not be frequent enough. If your data is ever compromised, it is important to minimize network downtime. While analog methods can be used for a short period of time as the network is restored, if there is a major outage, you may find your business is unable to recover from the dramatic loss of productivity and customer trust.


A cyberattack can come in many forms, from ransomware to corporate espionage. It is not a matter of if, but when it will happen to your organization, just like it did with Universal Health. While no network is ever completely safe, there are ways you can protect yourself, your team, and your customers. From creating solid policies to providing regular training and managing access, the more diligent you are, the more your risk will be mitigated. Members of the VALiNTRY360 team would be happy to talk you through various solutions and further explain how Salesforce can meet your digital transformation and security needs. The decision is yours on how you can better strengthen your network. The important thing is to get started today. It’s never too late!