Security Experts:

Connect with us

Hi, what are you looking for?



Indiana Hospital DeKalb Health Disrupted by Ransomware Attack

Nobody likes to admit to a breach – but when the breach involves ransomware it cannot be denied for long. Visitors cannot access public-facing systems and they they start to ask questions. This is what happened at DeKalb Health, an Auburn, Indiana-based hospital.

Nobody likes to admit to a breach – but when the breach involves ransomware it cannot be denied for long. Visitors cannot access public-facing systems and they they start to ask questions. This is what happened at DeKalb Health, an Auburn, Indiana-based hospital.

“Viewers, have been telling NewsChannel 15 for the last week that DeKalb Health fell victim to this,” reported yesterday. “We visited them Monday to see if it was true. Then a DeKalb Health spokesperson issued this statement: ‘DeKalb Health recently experienced a temporary disruption in the operation of our administrative computer system due to ransomware…'”

The statement makes no mention of any ransom demand, nor any indication on whether a ransom was paid or not. The inference, however, is that no ransom was paid. Without confirmation from DeKalb this remains conjecture. A recent warning the FBI comments, “The FBI doesn’t support paying a ransom in response to a ransomware attack. Said [FBI Cyber Division Assistant Director James Trainor], “Paying a ransom doesn’t guarantee an organization that it will get its data back – we’ve seen cases where organizations never got a decryption key after having paid the ransom.”

Health facilities have been particularly targeted by ransomware in recent months. Perhaps the highest profile attack was against Hollywood Presbyterian Medical Center, based in Los Angeles, where the hospital paid the ransom (reported to have been $17,000). “The quickest and most efficient way to restore our systems and administrative functions,” commented the hospital’s CEO Allen Stefanek, “was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Government advice remains that ransoms should not be paid, although there is recognition that each facility has to decide for itself. In conversation with SecurityWeek, Symantec director of product management for security response Kevin Haley recently commented, “My opinion is that when the hospital in California came out and publicly paid a large ransom – well, pretty soon hospitals all over the world were being attacked. There’s a definite repercussion to paying; even beyond making these guys rich and funding their next attack.”

At DeKalb, it appears as if the facility neither paid the ransom nor experienced any catastrophic loss of functionality. There is a lesson here on the value of efficient business continuity planning to cope with ransomware. “In order to best serve and protect our patients, we immediately implemented our standard down time operating procedures designed to ensure the best possible patient care,” says the statement. “In select cases last week, patients were transferred to another hospital and EMS was rerouted to another facility to ensure all of the patients’ medical needs could be met. All patients received excellent care and the highest-caliber treatment.”

Recovery, however, is still not complete. Many, but not all administrative systems are back in operation. 

The matter is now in the hands of “a leading third party forensics firm.” DeKalb says it will release no further information until the investigation is complete, and it can be sure that the information it gives is accurate. At that point we may learn which malware variant was used, how it got into the networks, how it was contained, and whether a ransom was actually paid.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...