Alabama – Last week DCH Health Systems was the subject of a ransomware attack. They are still working to get back to normal. Monday they didn’t have WiFi.
“We’re not yet at the tipping point where we are ready to transition from paper charting and transitioning back to the digital world,” said Brad Fisher, DCH spokesperson.
The hospital is still working to determine exactly how the attackers were able to infiltrate their network. The ransomware attack encrypted the hospital’s network systems so they could not access their servers. Fisher says DCH decided to pay the ransom so they could regain that access.
“We worked with law enforcement and IT security experts. We determined that purchasing a decryption key from the attacker was the best way to expedite the system recovery,” he said.
The hospital won’t say how much the ransom was.
Peoplesec CEO and cybersecurity expert, Joshua Crumbaugh says paying the ransom could have been the cheaper option for DCH.
“I saw a casino in Vegas where they ran into the same thing and they said well we’re not going to pay the hackers. And it cost them multiple millions of dollars to refuse to pay the ransomware when the hackers were only asking for $5,000,” Crumbaugh said.
According to a study from the cybersecurity firm Emsisoft, ransomware has impacted at least 621 entities this year. The total cost of these attacks is estimated to total around $186 million.
Recent reports suggest hackers could be focusing their attacks on less populated areas. Half of the attacks on municipalities at the beginning of the year had a population of 50,000 people or less. That could be bad news for rural areas like Alabama. Especially because Crumbaugh says these attacks are on the rise.
“Especially with small cities and municipalities, this is absolutely just the beginning of what we are going to see,” he stated. “And so they’re the low hanging fruit and hackers have always targeted the low hanging fruit.”
Crumbaugh says the best way to combat these attacks is by opening up your wallet. He says it’s going to take proper staff and better training.
“They don’t have the proper staff and they don’t understand the problem. And so what happens is they make these careless mistakes that anyone with any education would tell them no, don’t do that, but they don’t have the proper staff and so they’re not getting that advice in the first place,” he said.
Scammers use ransomware attack to their advantage
DCH says they will be tightening security in response to the ransomware attack. To add insult to injury scammers are using the cyberattack for their benefit. DCH has received reports of residents getting calls from people posing as hospital staff – asking for their information.
DCH Health Systems says at this time there is no indication patient information was compromised and they would not ever call people to ask for their personal information.