Hospitals in Alabama pay hackers after ransomware attack

October 07, 2019
by Thomas Dworetzky, Contributing Reporter
DCH hospitals have reportedly paid the hackers responsible for a crippling ransomware attack, according to Tuscaloosa News.

After getting slammed with a ransomware attack October 1, three DCH system hospitals in Alabama — in Tuscaloosa, Northport and Fayette — are are still struggling to cope. The facilities are continuing to care for existing patients, and also some on an outpatient basis. New patients are being to sent to neighboring Birmingham and Mississippi facilities.

“The ransomware attack continues to impact our ability to accept new patients,” spokesman Brad Fisher announced October 2, according to the Tuscaloosa News, adding that “we are investigating all options for securely and swiftly restoring our IT system.”

In the first nine months of 2019, at least 621 various government and private groups — of which 491 were healthcare providers — have been hit by ransomware, according to a newly released report by the cybersecurity firm Emsisoft.

At this point, more detail on motivations and demands of the attack are not public. “We are coordinating with law enforcement throughout our response and do not anticipate sharing specifics about the investigations underway or the perpetrator’s demands,” DCH said in a statement.

DCH's response was to implement emergency procedures, including coordinating with law enforcement and hiring independent IT security experts, “who are working around the clock to help us understand and resolve this incident,” it recounted in a statement on its website. It also noted that staff had switched to paper instead of digital record-keeping in order to maintain care to patients.

DCH sought to calm concerned patients and others in the community, stating that all should “rest assured,” that existing patients “needs are met and at this time patients are not being transferred.”

The health system also advised in a statement on its site that, so far, it doesn't appear that data has been misused or stolen from records at the DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center facilities, but that “we are committed to completing a full forensic investigation following resolution of this outage, and we will take all appropriate action in response to our findings.”

While the actual source of the attack may at present be unknown, according to DCH, the type of ransomware has been discovered. “The ransomware variant Ryuk was used to encrypt the files, stated the health system.

In February, it was revealed that a larger, international ransomware attack could cost the U.S. economy almost $89 billion, according to a new report by the Cyber Risk Management (cyRiM) project, an initiative for assessing cybersecurity risks, of which specialist insurance and reinsurance market, Lloyd’s, is a founder.

The report also advised that the total global price tag of such an attack could hit $193 billion.

“Overall, healthcare facilities have likely become susceptible to ransomware and other cybersecurity threats due to the lack of historical focus on cybersecurity as a key priority,” Juuso Leinonen, senior project engineer at ECRI Institute, told HCB News at the time, adding that, “the rapid trend in connecting medical devices and overall increase in connected data systems integral to patient care have likely exacerbated the problem.”