Hospitals That Are Turning Away Patients Reportedly Pay Ransomware Attackers

An anonymous reader quotes a report from Ars Technica: Three Alabama hospitals have paid a ransomware demand to the criminals who waged a crippling malware attack that’s forcing the hospitals to turn away all but the most critical patients, the Tuscaloosa News reported. As reported last Tuesday, ransomware shut down the hospitals’ computer systems and prevented staff from following many normal procedures. Officials have been diverting non-critical patients to nearby hospitals and have warned that emergency patients may also be relocated once they are stabilized. An update posted on Saturday said the diversion procedure remained in place. All three hospitals are part of the DCH health system in Alabama. Over the weekend, the Tuscaloosa News said DCH officials made a payment to the people responsible for the ransomware attack. The report didn’t say how much officials paid. Saturday’s statement from DCH officials said they have obtained a decryption key but didn’t say how they obtained it. The statement read in part: “In collaboration with law enforcement and independent IT security experts, we have begun a methodical process of system restoration. We have been using our own DCH backup files to rebuild certain system components, and we have obtained a decryption key from the attacker to restore access to locked systems.

We have successfully completed a test decryption of multiple servers, and we are now executing a sequential plan to decrypt, test, and bring systems online one-by-one. This will be a deliberate progression that will prioritize primary operating systems and essential functions for emergency care. DCH has thousands of computer devices in its network, so this process will take time.

We cannot provide a specific timetable at this time, but our teams continue to work around the clock to restore normal hospital operations, as we incrementally bring system components back online across our medical centers. This will require a time-intensive process to complete, as we will continue testing and confirming secure operations as we go.”