Ransomware, Breach, Content

Ryuk Ransomware Attacks 3 Alabama Hospitals

A Ryuk ransomware attack forced three Alabama hospitals to turn away "all but the most-critical new patients," according to BBC. The ransomware attack infected computers at DCH Regional Medical Center, Fayette Medical Center and Northport Medical Center, all of which are operated by DCH Health System.

Following the ransomware attack, outpatients with appointments at any of the three hospitals were told to call before attending their appointments, BBC reported. In addition, local ambulances were told to take patients to other nearby hospitals.

MSSP Alert is checking to see whether the hospital network leverages third-party managed security services provider (MSSP) services.

A Closer Look at the Alabama Hospital Ransomware Attack

The Alabama hospital ransomware attack was discovered Monday, DCH stated. Investigators have determined that Ryuk was used to encrypt files at the three Alabama hospitals, and there is no indication that any patient or employee data has been misused or removed from DCH systems.

After the ransomware attack was discovered, DCH implemented emergency procedures to provide patient care, and it initiated an incident response plan that includes coordination with law enforcement and independent IT security and forensics experts. However, Alabama hospital medical staff have shifted their operations into manual mode and are using paper copies in place of digital records, and they do not have access to patient lists and cannot call to reschedule appointments.

DCH is investigating all options to restore IT systems at the affected hospitals. To date, DCH has not been informed that anyone has been identified or charged in association with the ransomware attack.

What Is Ryuk?

Ryuk was discovered in August 2018. The ransomware often goes undetected for days or months after an initial infection, and it enables a threat actor to identify and attack an organization's critical network systems.

The UK's National Cyber Security Centre (NCSC) in July issued a warning about Ryuk. Furthermore, cybercriminals recently used Ryuk to infect a data center system owned and operated by cloud services provider (CSP) CloudJumper and launched Ryuk attacks across servers from California MSP Data Resolution.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.