Hospitals Resume Accepting Patients After Malware Attack

An Alabama hospital chain that quit accepting new patients after a malware attack crippled computer systems said it has resumed normal operations after paying a ransom demand.

The DCH Health System said its hospitals in the west Alabama cities of Tuscaloosa, Northport and Fayette resumed admitting patients Thursday, and its imaging and patient scheduling services were going back online Friday.

The system said key operations were back to normal 10 days after a ransomware attack encrypted information and prevented its computer systems from communicating with each other. The hospitals kept treating people, but new patients were sent to alternative locations in Birmingham or Mississippi.

The company hasn’t said how much ransom it paid to regain control of its systems, but an executive said insurance covered the cost.

“We had to gain access to our system quickly and gain the information it was blocking,” chief operating officer Paul Betz told a news conference. “As time goes by, and we determine the full impact of this, we will be very grateful we had cyber insurance in place.”

The hospitals said hackers used the ransomware variant Ryuk to lock its files, but the hack didn’t compromise the care of patients. Workers reverted to using paper files, and law enforcement is investigating the attack.

A statement from the system said workers were still restoring some nonessential systems including email and were trying to get programs operating at full speed.

The three hospitals admitted more than 32,000 patients last year.

Related: Medical Practice Closing Permanently After Ransomware Attack