10 Hospitals Held to Ransom by Cyber-Criminals

Written by

Ten hospitals in Australia and the United States have been hit by ransomware attacks since Monday. 

In America, computers at three Alabama hospitals operated by DCH Health System were affected, causing staff to close their doors to any new patients who weren't critically ill. 

In a statement posted on their website earlier today, DCH wrote: "Early Oct 1, the DCH Heath System discovered that it had suffered a ransomware attack that impacted their systems. We immediately implemented emergency procedures to continue providing safe and patient-centered care."

The hospitals affected by the attack are DCH Regional Medical Center in Tuscaloosa, Fayette Medical Center and Northport Medical Center. While access to computer systems remains limited, local ambulances are taking patients to other healthcare providers located nearby. 

Surgeries scheduled for tomorrow will go ahead however outpatients with appointments at any of the three hospitals affected by the ransomware attack are advising to call to confirm before attending. 

Services at seven hospitals and healthcare facilities in Australia have likewise been boggled by ransomware in a separate cyber-attack which struck in Gippsland and south-west Victoria on Monday. 

The impacted hospitals are part of the South West Alliance of Rural Health and also of Gippsland Health Alliance. Multiple computer systems have been disconnected to while the Victorian Cyber Incident Response Service works to resolve the situation. 

Barwon Health, which operates hospitals affected by the attack, said that some elective surgeries and appointments had been cancelled. 

The Victorian government's Department of Premier and Cabinet said: "A number of servers across the state have been impacted. Investigations are still taking place on the full extent of the impact. 

"At this time, there is no suggestion that personal patient information has been accessed."

Commenting on the ransomware attacks, senior director of managed threat response at Sophos, J.J. Thompson, said: "Ransomware is foreseeable and preventable. Organizations need to have effective, advanced protection in place at every state of an attack. The techniques, tactics and procedures that occur prior to a ransomware incident can and should be detected by existing security capabilities and are foundational pillars to the patient care model in healthcare 4.0.

"It’s also important to have off-site backups to reduce the pressure to comply with expensive ransom demands and to be able to recover faster."

What’s hot on Infosecurity Magazine?