A Ryuk ransomware attack compromised three hospitals in Alabama’s DCH Health System on Oct. 1, forcing doctors to turn away non-critical patients and obliging ambulances to seek other hospitals.
The attack hit the DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center. A ransom request has yet to be received, but the hospitals have some protocols in place for when the computer system is not available.
“Although the attack has impacted DCH’s ability to accept new patients, we are still able to provide critical medical services to those who need it,” DCH representatives said. A few surgeries that couldn’t wait were performed, and the hospitals advised patients to call before coming in.
All scheduled procedures and tests have been suspended, and it’s not clear when they might resume regular activity. If the DCH Health System chooses not to pay ransom, recovery time depends on the severity and complexity of the attack. Payment of the ransom, however, doesn’t guarantee the attackers will actually hand over the decryption key.
Ransomware attacks against the healthcare system are common, mainly because hospitals usually lack the security infrastructure to deal with such intrusions, employing old and unpatched hardware, and patient data is highly valued by hackers.
Decryptors for some older ransomware exist, but newer ransomware may be impossible to decrypt. The DCH Health System only said that a Ryuk variant was used. According to the security specialists, no information was stolen or lost.
Research shows that healthcare organizations have the most to lose, with an average cost of $408 per lost or stolen record. The cost prompts many organizations to pay the ransom, especially since it could be impossible to decrypt and recover the data.
Unlike the initial waves of ransomware attacks, which included the famous Wannacry, strains such as Ryuk are designed to penetrate smaller enterprises. The hackers’ job is often made easier by outdated hardware systems, unpatched endpoints, and even a complete lack of security solutions.
In the second quarter of 2018, numerous ransomware attacks were reported in the United States, and that’s not counting dozens of other attacks, which usually are just trying to steal patient data.