An Alabama hospital system paid hackers to regain access to patient files, according to The Tuscaloosa News, but it was unclear Saturday when the system’s three hospitals would fully reopen.
A California-based cybersecurity firm believes the group of hackers who use the particular ransomware software found on DCH Health System computers work from Russia.
DCH Health System paid the hackers for a decryption key to regain access to the critical files, a spokesman for the hospital system told The Tuscaloosa News on Saturday. The company has said there is no indication that patients records has been misused or stolen.
In a statement on the hospital system’s website Saturday the company said said DCH Regional Medical Center in Tuscaloosa, Northport Medical Center in Northport and Fayette Medical Center willall remain closed to all but the most critical new patients. All three hospitals were closed on Oct. 1 to non-critical new admissions.
“Our Emergency Departments will continue to see patients who bring themselves to the hospital,” the statement reads.
“In collaboration with law enforcement and independent IT security experts, we have begun a methodical process of system restoration. We have been using our own DCH backup files to rebuild certain system components, and we have obtained a decryption key from the attacker to restore access to locked systems.
“We have successfully completed a test decryption of multiple servers, and we are now executing a sequential plan to decrypt, test and bring systems online one-by-one. This will be a deliberate progression that will prioritize primary operating systems and essential functions for emergency care. DCH has thousands of computer devices in its network, so this process will take time.”
“We cannot provide a specific timetable at this time, but our teams continue to work around the clock to restore normal hospital operations, as we incrementally bring system components back online across our medical centers. This will require a time-intensive process to complete, as we will continue testing and confirming secure operations as we go.”
“We expect to be making additional announcements in the coming days, as key systems are restored and more patient services resume. Meanwhile, we are grateful for the dedication and professionalism of our staff, as they continue using our emergency downtime procedures to provide safe and patient-centered care.
We will provide continual updates on our website as patient services become available and departments reopen.”
The cost to hospitals in hacking attacks can be staggering. According to a 2019 study by the Ponemon Institute hackers cost health care businesses $408 for each lost or stolen record.
DCH Health System has said the hackers used a ransomware called Ryuk.
The National Cyber Securty Centre in June issued an advisor on Ryuk attacks globally. The ransomware virus was first spotted in August 2018.
The cybersecurity firm Crowdstrike believes the Ryuk ransomware attacks emanate from a hacker group in Russia known as “WIZARD SPIDER” and that the Russian group has netted about $3.7 million in bitcoins since August 2018.
The news website Security Intelligence reported that computers at more than 100 businesses in the U.S. were infected with the Ryuk virus between August 2018 and May 2019.