Alabama Hospital System Halts Admissions Amid Malware Attack

A hospital system that serves a large part of rural west Alabama temporarily quit accepting new patients after a ransomware attack crippled some of its computer systems Tuesday.

Brad Fisher, a spokesman for DCH Health System, said its hospitals in Tuscaloosa, Northport and Fayette began diverting most new patients to Birmingham and elsewhere after the attack became apparent in the pre-dawn hours.

The most critically ill new patients were still being treated, he said, and officials didn’t anticipate having to discharge patients because of the attack.

Ransomware software made it impossible for some computer systems to communicate with each other, but no patient data was believed to be lost, Fisher said. Medical staff members had to use paper copies in place of digitized records.

“Your nurse can chart on you and that information is still there,” he said. “But things like being able to take images and making them available to be read, that sort of thing … has been truncated.”

It was unclear how much money the hackers were demanding to relinquish control, but both the FBI and Secret Service were contacted and federal agents were on the way, he said.

The three hospitals have about 850 beds total and admitted more than 32,000 patients last year. Surgeries were being performed as normal, and a decision would be made on what to do about procedures set for Wednesday and later, Fisher said.

Ransomware typically involved hackers installing malicious software on a computer network and demanding money in exchange for releasing information. Such attacks have become much more common since cryptocurrency made it easier for hackers to receive and spend money.

Fisher said it wasn’t clear how the hospitals’ common computer system was attacked.

Related: Medical Practice Closing Permanently After Ransomware Attack