Share this article on:
DCH Health System has been forced to close all three of its Alabama hospitals for all but critical new patients following a ransomware attack.
The attack prevented staff at DCH Regional Medical Center in Tuscaloosa, Northport Medical Center, and Fayette Medical Center from accessing computer systems, which were taken out of action as a result of the attack which commenced in the early hours of Tuesday, October 1, 2019.
Emergency procedures were implemented at all three hospitals to ensure day to day healthcare operations could continue and care is continuing to be provided to patients currently at the hospital. Critical patients are being accepted, but individuals scheduled for outpatient procedures or tests have been advised to call before attending. Ambulance services have been advised to take patients to alternate facilities if possible.
The health system started using backup files to restore certain system components which allowed those systems to be brought back online. DCH Health System also purchased the decryption keys from the attacker.
“We worked with law enforcement and IT security experts to assess all options in executing the solution we felt was in the best interests of our patients and in alignment with our health system’s mission,” said DCH spokesperson Brad Fisher. “This included purchasing a decryption key from the attackers to expedite system recovery and help ensure patient safety. For ongoing security reasons, we will be keeping confidential specific details about the investigation and our coordination with the attacker.”
It is unclear how much was paid for the keys to unlock the encryption. Even though the keys are now being used, the recovery process is expected to take some time as recovering files, testing systems, and confirming those systems are secure is a time-intensive process.
Kaiser Permanente Alerts Certain Members to Email Security Breach
Kaiser Permanente is alerting certain members about an August 12, 2019 security breach that resulted in the email account of an employee of a provider being compromised by an unknown individual. Kaiser Permanente was alerted to the breach on August 19. The investigation revealed the account was compromised for a period of 13 hours.
The investigation did not uncover any evidence to suggest sensitive information had been viewed by the attacker or exfiltrated from the email system, and no reports have been received to suggest any PHI has been misused.
The compromised email account did not include any Social Security numbers, only the following types of PHI: name, age, date of birth, gender, date(s) of service, provider name, provider comments, payor name, diagnoses, medical history, benefit information, insurance coverage status, treatment information, procedure information, and service provided.
Affected individuals have been advised to monitor their explanation of benefits statements for signs of suspicious activity. It is currently unclear how many members have been affected by the breach.