There is no indication data have been misused or removed from the system, DCH said.
Photo/Thumb have been modified. Courtesy of monsitj - stock.adobe.com.
Three Alabama hospitals within the DCH Health System are not accepting new patients due to a ransomware attack identified on Oct. 1, the health system said.
An unknown individual used malicious software to encrypt files and restrict access to the computer systems at DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center, the health system told patients.
While there is no indication that any data have been misused or removed from the system, DCH said it is committed to completing a full forensic investigation.
The health system implemented emergency procedures upon discovering the cybersecurity attack and initiated a comprehensive response with law enforcement and independent IT security and forensics experts. Investigators found that the cyberattacker used the ransomware variant Ryuk to encrypt the files.
The attack affected the system’s ability to accept new patients, but it can still provide crucial medical services to those who need it, DCH said in a statement. DCH advised patients who have non-emergency medical needs to go to other providers while it tries to restore its systems.
DCH said it implemented its emergency downtime procedures to “ensure safe and efficient operations while some systems are not available.” Departments within the health system have written policies on what to do and how to operate during downtime.
The protocols are reviewed, practiced and updated on a regular basis, the health system claimed.
During downtime, the health system temporarily replaced digital records with paper copies, which is something the doctors and nurses are trained to do.
“Following downtime protocols ensure we can maintain our standards of high-quality, patient-centered care during difficult times,” the health system said.
There is no specific timetable of when DCH can return back to normal operations. The health system will continue working with experts to investigate options for swiftly and securely restoring its IT systems.
The health system is also focused on learning how to prevent a ransomware attack like this from happening again. DCH engaged with independent cybersecurity experts to understand and respond to the incident. What’s more, the health system is reviewing its security protocols and said it will implement advanced security measures to add extra layers of defense.
Get the best insights in digital health directly to your inbox.
Related
Ransomware Attack Affects 320K, Medical Group Provides No Updates
FDA Warns Providers of Medical Device Cybersecurity Vulnerabilities
Patient Records Compromised in Breaches Doubled in First Half of 2019
Cybersecurity panel: How hospitals can protect their patients and their systems
November 18th 2024Chief Healthcare Executive® presents the final installment in our series, with experts from HIMSS, the American Hospital Association, and Providence. In this episode, our panel offers advice on how health systems can improve.
Cybersecurity panel: Hospitals threatened by attacks aimed at vendors
November 4th 2024Chief Healthcare Executive presents another installment from our conversation on cybersecurity, with experts from the American Hospital Association, HIMSS and Providence. They talk about breaches tied to business partners.