As a serious ransomware attack struck regional Victorian hospitals, similar attacks were targeting regional hospitals in the US. The FBI has now issued a warning to prepare victims for the question of whether to pay up or, in the absence of backups, live with the consequences.
Alabama-based DCH Health System on Wednesday halted intakes except critical new patients at all three of its hospitals as it worked to restore affected systems.
“We immediately implemented emergency procedures to continue providing safe and patient-centered care,” said DCH Health System.
“Patients who have non-emergency medical needs are encouraged to seek assistance from other providers while DCH works to restore its systems.”
DCH Health System facilities include the DCH Regional Medical Center, Northport Medical Center, Fayette Medical Center and Manderson Cancer Center.
The attacks were revealed as news surfaced about similar ransomware attacks on several hospitals in Victoria, Australia that took place on Monday.
The office of Victoria’s Minister for Health said it had take some systems offline, affecting “outpatient appointments and elective surgery”, but it maintained emergency surgery and emergency departments.
The attack impacted Gippsland Health Alliance and the South West Alliance of Rural Health, which are responsible for seven hospitals.
Victoria’s Department of Premier and Cabinet said it was forced to shut down patient record, booking and management systems. Affected hospitals were forced to revert to paper-based systems to access patient histories, charts, and images.
The attacks on Victorian hospitals follows a spate of ransomware attacks on local government organizations in the US.
The US Department of Homeland Security in July told local governments to immediately bolster cyber defenses and backups after ransomware attacks on agencies in Florida, Georgia, North Carolina, California, Maine, and Ohio. Many of the targets were infected with Ryuk ransomware. Some of the attacks involved multi-million dollar ransom demands.
While there is a privacy risk to patient data from these breaches, hospitals face the additional risk that they can't provide healthcare and emergency services. And there’s an existential risk for the affected organization that impacts the availability of healthcare services to the public.
In mid-September California-based Wood Ranch Medical blamed a ransomware attack that occurred on August 10 on its decision to close permanently in December.
The FBI on Wednesday posted its latest advice on how organizations should handle ransom demands.
The agency explicitly does not endorse paying a ransom and explains that doing so emboldens criminals. However, it also encouraged victims that do pay to report the incident to it.
"Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to law enforcement," the FBI's IC3 center said.
"Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks."