Ransomware Attacks Leave U.S. Hospitals Turning Away Patients

Ransomware attacks have crippled hospitals worldwide, forcing them to turn away patients and cancel surgeries.

A rash of ransomware attacks this week targeted hospitals in the U.S. and Australia. The cyberattacks froze the computer systems of several medical facilities, to the point where they needed to turn away new patients and even cancel surgery appointments.

A ransomware attack, reported on Tuesday, impacts the DCH Health System, a regional hospital and medical complex located in Alabama, and left three satellite hospitals turning away patients. A separate attack disclosed on Monday impacted several regional hospitals in Victoria, Australia. There is no indication that the ransomware attacks are connected.

The DCH Health System, which announced it was hit by ransomware on Tuesday, is a government subdivision that operates a community-owned healthcare system in Alabama, consisting of DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center. These facilities are owned by the public, and the system is operated on behalf of the public by the DCH Health System board of directors.
The three regional hospitals, located in Tuscaloosa, Fayette and Northport, are “closed to all but the most critical new patients,” according to a Tuesday release. The release said that cybercriminals are limiting the hospitals’ abilities to use their computer systems in exchange for an “as-yet unknown payment.”

“Our hospitals have implemented our emergency procedures to ensure safe and efficient operations in the event technology dependent on computers is not available,” according to the release. “That said, we feel it is in the best interest of patient safety that DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center are closed to all but the most critical new patients. Our staff is caring for the patients who are currently in the hospital, and we have no plans to transfer current patients.”

The hospitals said that local ambulances have been instructed to take patients to other hospitals if at all possible. Patients who come to their emergency departments may be transferred to another hospital when they are stabilized, representatives stated.

No further information is currently available. Threatpost has reached out to DCH about how and when the attack started and which specific operations are impacted.

Also this week, a rash of regional hospitals in Victoria, a small mainland state in Australia, were paralyzed by a ransomware attack. The attack also forced some of the hospitals to cancel appointments and surgeries. Impacted hospitals are part of the West Gippsland Healthcare Group (which has six facilities overall) and the South West Alliance of Rural Health (which has 12 hospitals overall). At this point it is unknown how many hospitals are impacted by ransomware.

“The cyber incident, which was uncovered on Monday, has blocked access to several systems by the infiltration of ransomware, including financial management,” according to a Tuesday release by the Department of Premier and Cabinet. “A number of servers across the state have been impacted. Investigations are still taking place on the full extent of the impact. At this time, there is no suggestion that personal patient information has been accessed.”

The department said that at this point, hospitals have isolated a number of systems such as internet to stop the infection – leading to the shutdown of some patient record, booking and management systems, “which may impact on patient contact and scheduling.” In the meantime, hospitals are reverting to manual systems to maintain their services, the department said.

No further information is available regarding the source of the attacks, whether they are connected and what type of ransom has been demanded.

Hospitals continue to be a top concern when it comes to ransomware attacks given the sensitive nature of patient data collected by healthcare facilities.

Last week, California-based Wood Ranch Medical announced that it will shutter operations in December after the provider was unable to recover patient records on the heels of a August ransomware attack.

Ransomware overall continues to be a concern for governments worldwide: The U.S. Senate this week in fact approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks. The legislation comes as local governments and schools continue to be hit by sophisticated – and in some cases coordinated – ransomware attacks.

The proposed law, the “DHS Cyber Hunt and Incident Response Teams Act,” authorizes the Department of Homeland Security (DHS) to invest in and develop “incident response teams” to help organizations battle ransomware attacks.  Part of that means that the DHS would create teams to protect state and local entities from cyber threats and restore infrastructure that has been affected by ransomware attacks.

What are the top cyber security issues associated with privileged account access and credential governance? Experts from Thycotic will discuss during our upcoming free Threatpost webinar, “Hackers and Security Pros: Where They Agree & Disagree When It Comes to Your Privileged Access Security.” Click here to register.

Suggested articles