The Alabama-based DCH Health System has reportedly paid off hackers that took three local hospitals computer systems hostage using ransomware. One cybersecurity expert called such payouts “the fuel that drive ransomware attacks.”
Gizmodo reports that the Alabama-based DCH Health System has paid off hackers responsible for a ransomware attack that took the computer systems of three local hospitals hostage recently. Ransomware attacks are designed to encrypt hard drives and lock individuals out of their computer until they pay a ransom, usually sent via cryptocurrency, to the attacker. Seven hospitals in Australia were also affected by the cyber attack.
Medical staff at hospitals in Tuscaloosa, Northport, and Fayette were forced to switch to a manual paper patient in order to track patient data while they were locked out of their systems. All of the hospitals diverted “all but the most critical new patients” to other health care centers in the area. DCH officials still haven’t revealed how much was paid to the scammers but system spokesman Brad Fisher stated on Saturday morning that the company had teams working to undo the damage caused by the ransomware and that no patient data had been compromised.
Fisher told the Tuscaloosa News:
We worked with law enforcement and IT security experts to assess all options in executing the solution we felt was in the best interests of our patients and in alignment with our health system’s mission. This included purchasing a decryption key from the attackers to expedite system recovery and help ensure patient safety. For ongoing security reasons, we will be keeping confidential specific details about the investigation and our coordination with the attacker.
A statement on the DCH website said that the company was working with law enforcement and IT teams and had already begun “using our own DCH backup files to rebuild certain system components, and we have obtained a decryption key from the attacker to restore access to locked systems.” In the meantime, DCH will continue to direct patients to other health care centers as the system recovery will “require a time-intensive process to complete, as we will continue testing and confirming secure operations as we go.”
Brett Callow, a spokesman for cybersecurity firm Emsisoft, commented on the case stating: “Payouts are the fuel that drive ransomware attacks. The only way to stop attacks is to make them unprofitable. That isn’t to say that impacted entities should never pay—an organization like a hospital may have little choice in the matter—but rather that they should bolster their security to avoid being impacted in the first place. And this is especially true for entities like hospitals which provide critical services.”
On October 2nd, the FBI issued a warning that ransomware attacks are “becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent,” with the number of “broad, indiscriminate ransomware campaigns” declining but overall losses from targeted attacks increasing massively. The FBI noted that in some cases, individuals that paid ransom fees were never given encryption keys to restore their systems.