Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Indiana Hospital DeKalb Health Disrupted by Ransomware Attack

Nobody likes to admit to a breach – but when the breach involves ransomware it cannot be denied for long. Visitors cannot access public-facing systems and they they start to ask questions. This is what happened at DeKalb Health, an Auburn, Indiana-based hospital.

Nobody likes to admit to a breach – but when the breach involves ransomware it cannot be denied for long. Visitors cannot access public-facing systems and they they start to ask questions. This is what happened at DeKalb Health, an Auburn, Indiana-based hospital.

“Viewers, have been telling NewsChannel 15 for the last week that DeKalb Health fell victim to this,” reported Wane.com yesterday. “We visited them Monday to see if it was true. Then a DeKalb Health spokesperson issued this statement: ‘DeKalb Health recently experienced a temporary disruption in the operation of our administrative computer system due to ransomware…'”

The statement makes no mention of any ransom demand, nor any indication on whether a ransom was paid or not. The inference, however, is that no ransom was paid. Without confirmation from DeKalb this remains conjecture. A recent warning the FBI comments, “The FBI doesn’t support paying a ransom in response to a ransomware attack. Said [FBI Cyber Division Assistant Director James Trainor], “Paying a ransom doesn’t guarantee an organization that it will get its data back – we’ve seen cases where organizations never got a decryption key after having paid the ransom.”

Health facilities have been particularly targeted by ransomware in recent months. Perhaps the highest profile attack was against Hollywood Presbyterian Medical Center, based in Los Angeles, where the hospital paid the ransom (reported to have been $17,000). “The quickest and most efficient way to restore our systems and administrative functions,” commented the hospital’s CEO Allen Stefanek, “was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Government advice remains that ransoms should not be paid, although there is recognition that each facility has to decide for itself. In conversation with SecurityWeek, Symantec director of product management for security response Kevin Haley recently commented, “My opinion is that when the hospital in California came out and publicly paid a large ransom – well, pretty soon hospitals all over the world were being attacked. There’s a definite repercussion to paying; even beyond making these guys rich and funding their next attack.”

At DeKalb, it appears as if the facility neither paid the ransom nor experienced any catastrophic loss of functionality. There is a lesson here on the value of efficient business continuity planning to cope with ransomware. “In order to best serve and protect our patients, we immediately implemented our standard down time operating procedures designed to ensure the best possible patient care,” says the statement. “In select cases last week, patients were transferred to another hospital and EMS was rerouted to another facility to ensure all of the patients’ medical needs could be met. All patients received excellent care and the highest-caliber treatment.”

Recovery, however, is still not complete. Many, but not all administrative systems are back in operation. 

The matter is now in the hands of “a leading third party forensics firm.” DeKalb says it will release no further information until the investigation is complete, and it can be sure that the information it gives is accurate. At that point we may learn which malware variant was used, how it got into the networks, how it was contained, and whether a ransom was actually paid.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.