
Cyber Incident Victim: DCH Regional Medical Center

Date: Sep 2019

Location: United States of America

Summary

A ransomware attack severely disrupted operations across three hospitals within the DCH Health System, including DCH Regional Medical Center in Tuscaloosa, forcing them to close to all but the most critical new patients. Emergency protocols were activated as the attack paralyzed computer systems, requiring ambulances to divert patients elsewhere and prompting potential transfers of stabilized individuals from emergency rooms. The incident involved encryption of data by malware, with attackers demanding an unspecified ransom payment for decryption keys, though officials noted emergency procedures ensured continued safe operations despite the loss of technology-dependent systems.


Description

On or around September 30, 2019, the DCH Health System, comprising DCH Regional Medical Center in Tuscaloosa, Northport Medical Center, and Fayette Medical Center, experienced a ransomware attack that paralyzed its computer systems. The attack forced all three hospitals to close to new patients by October 1, accepting only the most critically ill individuals. Emergency protocols were activated as the hospitals lost access to technology-dependent systems, significantly disrupting normal operations. Ambulance services were instructed to divert patients to unaffected facilities whenever possible, while emergency room arrivals faced potential transfers to other hospitals after stabilization. Hospital officials publicly confirmed the incident was a criminal act involving ransomware, explicitly stating the attackers demanded payment in exchange for restoring system access, though the specific ransom amount and cryptocurrency demanded were not disclosed.


The ransomware encrypted critical data storage and operational systems; technical details about the malware variant remained unconfirmed. DCH implemented emergency procedures to maintain safe patient care without computer support, but the attack's scope prevented routine admissions or non-urgent services. No information was provided regarding backup system viability or whether decryption without paying the ransom was feasible. Concurrently, seven hospitals in Australia faced a separate ransomware incident with similar disruptions, though no evidence suggested a direct connection to the Alabama attack. DCH's public communications emphasized operational continuity under emergency protocols but did not specify remediation timelines, payment status, or whether patient data was accessed or exfiltrated during the incident.
