Alabama health system forced to limit hospital services after ransomware attack

Alabama-based DCH Health System has been forced to limit hospital services to only "the most critical new patients" after it was hit with a ransomware attack.

The health system, which operates hospitals in Tuscaloosa, Fayette and Northport, detected ransomware that affected its systems Oct. 1, the organization said in an updated statement posted to its website Wednesday.

Officials said the health system immediately implemented emergency procedures to continue providing safe care in the event technology dependent on computers was not available.

"That said, we feel it is in the best interest of patient safety that DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center are closed to all but the most critical new patients. Our staff is caring for the patients who are currently in the hospital, and we have no plans to transfer current patients," the health system said.

RELATED: Wyoming health system hit with ransomware attack, diverts ER patients and cancels services

Wyoming health system Campbell County Health (CCH) continues to struggle to get its computer systems back online after being hit with a ransomware attack Sept. 20.

The ransomware affected all 1,500 of the organization’s computers, including its email server. "CCH continues working hard to restore our computer systems so we can resume normal operations," health system officials said in an updated statement posted online Wednesday. "We understand the response to these attacks can be frustrating for everyone in the community, but we have to be methodical in our response, to ensure no remnants of the malware remain on the system."

DCH is notifying patients with nonemergency medical needs to seek assistance from other providers while the hospital system works to restore its systems. Some outpatient procedures are still being conducted at DCH's hospitals.

According to local news source AL.com, the hospital system posted a statement on its website Tuesday about the ransomware attack and said a criminal is limiting the hospitals' ability to use its computer systems in exchange for an "as-yet-unknown payment."

RELATED: Moody's: Cyberattacks could cause significant financial disruption for hospitals

Tim Erlin, vice president of product management and strategy at cybersecurity firm Tripwire, said ongoing ransomware attacks highlight the need for hospitals and health systems to prioritize robust cybersecurity best practices.

“By the time you’re infected with ransomware, it’s too late. But we’re not likely to see news stories about a ransomware attack being successfully prevented either. The reality is that ransomware doesn’t just appear on a system. It has to get there through some other means, whether that’s phishing, a vulnerable system or a combination of those, the key to preventing ransomware infections is to close off the avenues for infection," Erlin said.

“Hospitals have made great strides in reducing infections with basic hygiene, and the same principle applies to cybersecurity. Basic cyber hygiene is key for preventing ransomware infections," he said.