DCH Hospital System Pays Off Hackers for Ransomware Decrpytion Key

October 7 Update:  DCH Health System hospitals in west Alabama, the latest hospital system to be a victim of ransomware attacks, paid the ransom on Saturday, which enabled DCH to get the decryption key to unlock its computer systems, reports Tuscaloosa News. DCH officials have not revealed the amount that was paid.

It is believed that DCH’s three hospitals were infected with Ryuk ransomware, reports Bleeping Computer.  Ryuk is a particularly nasty version of ransomware that is delivered via a sophisticated, multi-stage attack, which paralyzes organizations, reports SophosLabs. To increase the likelihood of payment, the hackers that deploy Ryuk typically attack organizations that can’t withstand any downtime.

A cybersecurity firm believes the hackers responsible for this attack are from Russia, reports the Alabama Political Reporter.

Ransomware attacks have forced several hospitals in the United States and Australia to completely close or have shut down some of their systems.

Three DCH Health System hospitals in west Alabama have been affected by Tuesday’s ransomware attack and have implemented emergency procedures to ensure operations continue should computers not be available, according to a press release posted on DCH’s website. Despite these emergency procedures, DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center are closed to all but the most critical new patients. Staff is caring for the patients who are currently in the hospital, and DCH Health Systems has no plans to transfer current patients.

A ransom demand has not been received by DCH yet.

In Australia, multiple hospitals and health services from southwest Victoria and Gippsland have lost access to several IT systems, reports BleepingComputer.com. Some have gone into manual operation mode.

“The cyber incident, which was uncovered on Monday, has blocked access to several systems by the infiltration of ransomware, including financial management,” the Victorian Government said in a statement. “Hospitals have isolated and disconnected a number of systems such as internet to quarantine the infection.”

The Australian attack has affected patient record, booking and management systems.

Only a few weeks ago, Campbell County Health experienced a ransomware attack that disrupted many of its services and made patient care difficult. During the attack, all 1,500 of the Wyoming hospital’s computers were affected.

On September 18, Wood Ranch Medical in Simi Valley, Calif., notified patients that it had experienced a ransomware attack on August 10. As a result of the attack, the facility was unable to restore patients’ healthcare records and announced it will be closing in December.

Last November, East Ohio Regional Hospital and Ohio Valley Medical Center fell victim to ransomware attacks. Fortunately for both facilities, quick responses and strong security defenses resulted in little impact on the hospitals, who refused to pay the cyber attacker’s ransom.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content

UPDATE: Ransomware Group Leaks Change Healthcare Data

HHS Urges Quick ID and Implementation of Solutions to Change Healthcare Ransomware Debacle

Hackers Post Gory Videos on UC Irvine Discord Groups

Cybersecurity Researcher Finds School Shooting Emergency Plans Exposed Online