Alabama hospitals have been hit by a massive ransomware attack

A hospital network in Alabama is the latest victim in a rash of ransomware attacks in the U.S.

The attack encrypted files and restricted access to computer systems at DCH Health Systems Regional Medical Center, Northport Medical Center and Fayette Medical Center, DCH said in a statement on Wednesday.

Tuscaloosa, Ala.-based DCH said it is still able to provide critical medical services, but non-emergency patients are being told to seek assistance from other providers while it works to restore its systems.


The medical staff have shifted to manual mode and are using paper copies instead of digital records, while the IT systems are down, DCH added.

Investigators cited the ransomware variant Ryuk as the culprit. Ryuk is used for tailored attacks, according to a description of the ransomware by Check Point Software, a cybersecurity firm.

“Its encryption scheme is…such that only crucial assets and resources are infected in each targeted network with its infection and distribution carried out manually by the attackers,” Check Point said.

Ransomware attacks on hospitals are particularly odious, say experts. “The fact that hackers target hospitals shows they have no remorse for the desperate patients who seek aid,” Felix Rosbach, a product manager at Comforte AG, told Fox News in a statement.

“Hospitals contain some of the most sensitive information we have, such as medical records, payment information and other personally identifiable information,” Rosbach added.

DCH said it is coordinating with law enforcement and will not, at this time, share specifics about the investigations underway or the perpetrator’s demands.

Ransomware runs rampant

In the first nine months of 2019, at least 621 government entities, health care service providers and school districts, colleges and universities were affected by ransomware, Emsisoft, an anti-malware firm, said in a report earlier this week.

“Municipal and emergency services have been interrupted, medical practices have permanently closed, ER patients have been diverted, property transactions halted, the collection of property taxes and water bills delayed, medical procedures canceled, schools closed and data lost,” Emsisoft said, citing high-profile incidents in its report.

A separate report from cybersecurity firm Armor said that in the first nine months of the year, ransomware infections have hit more than 500 U.S. schools.

In June, Lake City, Fla., fell victim to a Ryuk attack. The $460,000 ransom demand was covered by an insurance policy. However, the IT director was fired and not all of the data was recovered.


One month prior, Baltimore was hit by a strain of ransomware called RobinHood. The city refused to pay the $76,000 demanded, but the attack caused widespread disruption in city services and property transactions. The recovery costs have been estimated at $18.2 million.

New Bedford, Mass., was slammed with the largest publicly disclosed ransom demand – $5.3 million –  during an attack in July. The city countered at $400,000 and was subsequently rejected. Recovery costs are estimated at less than $1 million and will be covered by insurance.