Ransomware Attack Forces 3 Hospitals to Turn Away Patients

^{Photo/Thumb have been modified. Courtesy of monsitj - stock.adobe.com.}

Three Alabama hospitals within the DCH Health System are not accepting new patients due to a ransomware attack identified on Oct. 1, the health system said.

An unknown individual used malicious software to encrypt files and restrict access to the computer systems at DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center, the health system told patients.

While there is no indication that any data have been misused or removed from the system, DCH said it is committed to completing a full forensic investigation.

The health system implemented emergency procedures upon discovering the cybersecurity attack and initiated a comprehensive response with law enforcement and independent IT security and forensics experts. Investigators found that the cyberattacker used the ransomware variant Ryuk to encrypt the files.

The attack affected the system’s ability to accept new patients, but it can still provide crucial medical services to those who need it, DCH said in a statement. DCH advised patients who have non-emergency medical needs to go to other providers while it tries to restore its systems.

DCH said it implemented its emergency downtime procedures to “ensure safe and efficient operations while some systems are not available.” Departments within the health system have written policies on what to do and how to operate during downtime.

The protocols are reviewed, practiced and updated on a regular basis, the health system claimed.

During downtime, the health system temporarily replaced digital records with paper copies, which is something the doctors and nurses are trained to do.

“Following downtime protocols ensure we can maintain our standards of high-quality, patient-centered care during difficult times,” the health system said.

There is no specific timetable of when DCH can return back to normal operations. The health system will continue working with experts to investigate options for swiftly and securely restoring its IT systems.

The health system is also focused on learning how to prevent a ransomware attack like this from happening again. DCH engaged with independent cybersecurity experts to understand and respond to the incident. What’s more, the health system is reviewing its security protocols and said it will implement advanced security measures to add extra layers of defense.

Get the best insights in digital health directly to your inbox.

Related

Ransomware Attack Affects 320K, Medical Group Provides No Updates

FDA Warns Providers of Medical Device Cybersecurity Vulnerabilities

Patient Records Compromised in Breaches Doubled in First Half of 2019