Alabama Hospitals Pay Criminals for Decryption Key after
Ransomware Attack
Alabama’s DCH Health System chose to pay a ransom after a
ransomware attack last week prompted the shutdown of three hospitals, denying healthcare
to patients and forcing staff to turn away ambulances. The hospitals resume
their work Monday, October 7.
When a
Ryuk ransomware strain hit the DCH Regional Medical Center, Northport
Medical Center and Fayette Medical Center, the effects were immediate. Since
the hospital staff had no access to computers, they had to turn away
complicated cases and reschedule any non-vital operations.
Severe ransomware attacks don’t just lock a few systems
here and there. If it were just a matter of access to patient’s charts, the
damage wouldn’t be so evident. Attackers often cut access to other critical
diagnosing devices, like an MRI, which is controlled by a computer. Lives are at
risk.
Initial reports
from DCH states that system restoration had started and they were using backup
files to rebuild parts of the affected infrastructure. DCH said they managed to
obtain a decryption key from the attacker, but there was no mention of payment.
That aspect was cleared up by a DCH spokesperson, for The Tuscaloosa News.
“We worked with law enforcement and IT security experts
to assess all options in executing the solution we felt was in the best
interests of our patients and in alignment with our health system’s mission,”
spokesman Brad Fisher said
over the weekend.
“This included
purchasing a decryption key from the attackers to expedite system recovery and
help ensure patient safety. For ongoing security reasons, we will be keeping
confidential specific details about the investigation and our coordination with
the attacker.”
Hospitals are prime targets for ransomware attacks as
they usually use old software and hardware, and the data encrypted is the most
valuable, with an average cost of $408
per lost or stolen record.
In ransomware attacks, there’s always a strong
possibility that intruders won’t send a decryption key, even when a payment is
made. The DCH Health System attack reveals once more why the cost of securing
systems is not as high as people might suspect. Whatever the size of the
ransom, it’s still a lot more than using a dedicated security solution to
prevent attacks in the first place.