“We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible,” the statement reads. “Patient care continues to be delivered safely and effectively.”

NBC News reports some UHS hospitals have had to fall back on filing patient information using pen and paper due to the attack. On Reddit and Twitter, there are also reports of UHS facilities redirecting ambulances to other nearby hospitals. “When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity,” says one of those reports. 

A UHS employee told Bleeping Computer that they saw files renamed during the attack to include a .ryk extension. That extension is associated with the Ryuk ransomware. Like most other ransomware, Ryuk encrypts files to prevent someone from accessing them until they pay a fee. 

If UHS was the victim of a ransomware attack, it wouldn’t be the first time a healthcare provider has been the target of a cyberattack. On September 9th, Düsseldorf University Hospital in Germany sent a patient to a hospital 19 miles away after hackers compromised their IT systems in a ransomware attack. The patient died while doctors tried to transfer her to the other hospital.