Connect with us

Hi, what are you looking for?

News

DCH Hospital System pays Russian hackers in ransomware attack

A computer popup box screen warning of a system being hacked, compromised software enviroment. 3D illustration.

An Alabama hospital system paid hackers to regain access to patient files, according to The Tuscaloosa News, but it was unclear Saturday when the system’s three hospitals would fully reopen.

A California-based cybersecurity firm believes the group of hackers who use the particular ransomware software found on DCH Health System computers work from Russia.

DCH Health System paid the hackers for a decryption key to regain access to the critical files, a spokesman for the hospital system told The Tuscaloosa News on Saturday. The company has said there is no indication that patients records has been misused or stolen.

In a statement on the hospital system’s website Saturday the company said said DCH Regional Medical Center in Tuscaloosa, Northport Medical Center in Northport and Fayette Medical Center willall remain closed to all but the most critical new patients. All three hospitals were closed on Oct. 1 to non-critical new admissions. 

“Our Emergency Departments will continue to see patients who bring themselves to the hospital,” the statement reads. 

“In collaboration with law enforcement and independent IT security experts, we have begun a methodical process of system restoration. We have been using our own DCH backup files to rebuild certain system components, and we have obtained a decryption key from the attacker to restore access to locked systems. 

“We have successfully completed a test decryption of multiple servers, and we are now executing a sequential plan to decrypt, test and bring systems online one-by-one.  This will be a deliberate progression that will prioritize primary operating systems and essential functions for emergency care. DCH has thousands of computer devices in its network, so this process will take time.”

Advertisement. Scroll to continue reading.

“We cannot provide a specific timetable at this time, but our teams continue to work around the clock to restore normal hospital operations, as we incrementally bring system components back online across our medical centers. This will require a time-intensive process to complete, as we will continue testing and confirming secure operations as we go.”

“We expect to be making additional announcements in the coming days, as key systems are restored and more patient services resume.  Meanwhile, we are grateful for the dedication and professionalism of our staff, as they continue using our emergency downtime procedures to provide safe and patient-centered care. 

We will provide continual updates on our website as patient services become available and departments reopen.”

The cost to hospitals in hacking attacks can be staggering. According to a 2019 study by the Ponemon Institute hackers cost health care businesses $408 for each lost or stolen record. 

DCH Health System has said the hackers used a ransomware called Ryuk. 

The National Cyber Securty Centre in June issued an advisor on Ryuk attacks globally. The ransomware virus was first spotted in August 2018. 

The cybersecurity firm Crowdstrike believes the Ryuk ransomware attacks emanate from a hacker group in Russia known as “WIZARD SPIDER” and that the Russian group has netted about $3.7 million in bitcoins since August 2018.

Advertisement. Scroll to continue reading.

The news website Security Intelligence reported that computers at more than 100 businesses in the U.S. were infected with the Ryuk virus between August 2018 and May 2019.

Eddie Burkhalter is a reporter at the Alabama Political Reporter. You can email him at [email protected] or reach him via Twitter.

More from APR

Education

The institute is poised to have a significant influence over the direction of cybersecurity for the future.

State

Six of the nation’s most senior cybersecurity officials will gather Tuesday, Oct. 19.

Congress

The vote split the Alabama Congressional delegation with Reps. Mike Rogers, Jerry Carl and Terri Sewell voting in favor.

Education

The EnergyTech accelerator organization will support startups in energy technology and advance the University of Alabama’s educational and research mission.