Hospital ransomware attacks lead to patients being turned away

Ransomware attacks caused disruption at hospitals in Alabama and Australia this week, including forcing the hospitals in Alabama to turn away noncritical patients.

In total, hospital ransomware attacks hit 10 facilities -- seven in the state of Victoria, Australia, and three in Alabama -- between Monday and Tuesday, disrupting services. There is no indication at this time if the attacks were connected in any way.

The seven hospitals in Australia were part of the Gippsland Health Alliance and of the South West Alliance of Rural Health. Daniel Andrews, premier of Victoria, told reporters that the attacks were discovered on Monday and restricted access to an undisclosed number of systems, including financial systems. The hospital ransomware attacks reportedly did not affect personal patient information but caused disruption with elective surgeries and outpatient care.

The hospitals in Victoria isolated the affected systems and switched to manual systems where possible. The hospitals in Alabama appeared to face more difficulties, however. DCH Health Systems said in a public statement that hospital ransomware attacks hit three locations -- DCH Regional Medical Center in Tuscaloosa, Fayette Medical Center and Northport Medical Center -- but the statement included few details beyond that. The statement was posted Tuesday night and said the attacks occurred "early Oct. 1" but gave no indication which systems were affected. However, patients have been diverted to other hospitals.

"Our hospitals have implemented our emergency procedures to ensure safe and efficient operations in the event technology dependent on computers is not available," DCH Health Systems wrote in the statement. "That said, we feel it is in the best interest of patient safety that DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center are closed to all but the most critical new patients. Our staff is caring for the patients who are currently in the hospital, and we have no plans to transfer current patients."

The amount of ransom being asked of the hospitals in Alabama and Australia is currently unknown.

Marcus Hutchins, a U.K-based researcher working for Kryptos Logic, said on Twitter that the impact of remediation can be high for organizations.

"We're past the point where backups are the solution to ransomware. Today, there's multiple groups who will manually audit your network, destroy any backups found, then simultaneously ransomware every system, even across multiple branches," Hutchins wrote. "When ransomware hits consumers, paying the ransom is just about getting the data back. Business is different. Even if you have offline backups, taking the entire network offline while you reimage every system is going to cost more in lost revenue than paying the ransom."

According to this year's Verizon Data Breach Investigations Report, 2019 marked "the second straight year that ransomware incidents were over 70% of all malware outbreaks in healthcare."

Allan Liska, senior solutions architect at Recorded Future, researched hospital ransomware attacks and found that there had been 117 incidents targeting healthcare providers in the U.S. between Jan. 1, 2016 and Sept. 30, 2019.

Liska added that the difficulties around hospital ransomware attacks are even more complex because "healthcare organizations are at the mercy of their vendors when it comes to patching and updating systems."

"Without other compensating controls, healthcare providers can be an easy target for ransomware actors. Similar to state and local governments, healthcare organizations have rushed to digitize their practices; this often leads to management and security gaps that remain unaddressed until a security event, such as a ransomware attack," Liska wrote in a blog post. "Combine the fact that medical systems are often vulnerable to commonly deployed exploits with the mission-critical nature of healthcare services, they are not just an easy target, but also a very attractive target for ransomware actors."