3 sister hospitals still reeling from ransomware attack

Register now

DCH Health System, a three-hospital delivery system in Alabama, continues to struggle with a sophisticated ransomware attack that was launched on Tuesday.

At that time, the organization, which is only accepting critically ill new patients, implemented emergency procedures to be able to continue administering care.

“Patients who have non-emergency medical needs are encouraged to seek assistance from other providers while DCH works to restore its systems,” the organization told the community. “Our staff of local doctors and nurses are responding to the community’s urgent needs and the needs of our existing patients in our hospitals. Rest assured their needs are met, and at this time, patients are not being transferred.”

Also See: FDA issues cyber warning for medical devices, hospital networks

Some outpatient procedures still are being done at the hospitals, but if patients have a scheduled procedure, they are being advised to call to confirm the appointment.

J.J. Thompson, senior director of managed threat response at data security firm Sophos, says the standard of due care is rising and healthcare boards need to act more swiftly in hardening defenses.

“The oath to do no harm takes on significant meaning when we see patients turned away by those they trust to help them in their time of need,” he contends.

“Ransomware is foreseeable and preventable. Organizations need to have effective, advanced protection in place at every state of an attack,” Thompson contends. “The techniques, tactics and procedures that occur prior to a ransomware incident can and should be detected by existing security capabilities.”

Incidents of ransomware are increasing in healthcare, increasing the pressure on healthcare organizations to improve their defenses, says Tim Erlin, vice president of product management and strategy at cybersecurity firm Tripwire.

“By the time you’re infected with ransomware, it’s too late, but we’re not likely to see news stories about a ransomware attack being successfully prevented either,” Erlin says. “The reality is that ransomware doesn’t just appear on a system. It has to get there through some other means, whether that’s phishing, a vulnerable system or a combination of those, the key to preventing ransomware infections is to close of the avenues for infection.

“Hospitals have made great strides in reducing infections with basic hygiene, and the same principle applies to cybersecurity. Basic cyber hygiene is key for preventing ransomware infections.”

For reprint and licensing requests for this article, click here.