Ransomware Attack Disrupts Medical Care in 3 Alabama Hospitals

Three hospitals of the DCH Health System were hit by a ransomware attack on October 1, forcing the medical institutions to turn away noncritical patients while they work to securely restore their affected IT systems. This incident was reported on the same day the Food and Drug Administration (FDA) warned patients, healthcare professionals, and other stakeholders of vulnerabilities that could compromise the security of medical devices and hospital networks.

In a statement, the DCH Health System said that DCH Regional Medical Center, Northport Medical Center, and Fayette Medical Center — all based in Alabama — will continue to provide elective procedures and surgeries. Patients who were already admitted to the hospitals will still be provided with medical care; however, noncritical new patients will have to be redirected to other hospitals while federal authorities work on restoring the affected computer systems.

“A criminal is limiting our ability to use our computer systems in exchange for an as-yet unknown payment,” the DCH Health System added. As of this writing, the DCH Health System has yet to provide more information about the perpetrator and other details surrounding the attack.

Healthcare industry becoming more targeted

IT systems at a number of Australian hospitals and health services in Gippsland and south-west Victoria were also affected by ransomware attacks days ago. Though the government said that no personal patient information has been accessed, a number of systems had to be isolated and disconnected to quarantine the infection.

In the last few months, other healthcare facilities have also fallen victim to ransomware. In August, a healthcare provider in North Philadelphia was hit, disabling its email, patient scheduling, and other functions. In September, a hospital in Wyoming suffered a ransomware attack, causing surgeries and other procedures to be rescheduled as the attack rendered some medical services useless.

Securing internet-connected healthcare systems

The more connected healthcare facilities get, the wider the digital attack surface becomes. This, in turn, attracts cybercriminals, who are always on the prowl for lucrative targets.

In a research conducted by Trend Micro, internet-connected medical-related devices and systems were analyzed, leading to the uncovering of exposed medical systems, healthcare software interfaces, and even misconfigured hospital networks. These exposed systems and devices can be abused by cybercriminals to infect hospitals with operation-halting threats, for example, the ransomware variant that caused the IT system outage in the three DCH Health System hospitals.

To secure internet-connected healthcare systems, organizations should implement an effective defense strategy that assumes compromise and establishes countermeasures:

  • Secure all exploitable avenues to preemptively stop attacks.
  • Ongoing security breaches should be quickly identified and responded to.
  • Any security breach should be contained and the loss of sensitive data should be stopped.
  • To strengthen defenses and prevent repeat incidents, lessons and insights from previous cases should be applied.

Healthcare organizations can also implement network segmentation and encryption technologies and install patch management software and other security solutions to protect systems further.

Users, on the other hand, can follow these best practices to stay protected from ransomware:

  • Avoid opening unverified emails or clicking links embedded in them.
  • Back up important files using the 3-2-1 rule: Create 3 backup copies on 2 different media with 1 backup in a separate location.
  • Regularly update software, programs, and applications to protect against the latest vulnerabilities.

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.