Network security discussed after DCH ransomware breach


CW / Joe Will Field

Update Sunday, Oct. 6: DCH has paid the hackers’s ransom. According to an Alabama Political Reporter article, it is believed the hackers are from Russia and the ransomware used is called Ryuk, which has been used by a Russian hacker group called “WIZARD SPIDER.”

According to a statement released by DCH on Saturday morning, while the hospital uses the decription key from the attackers and continues rebuild their computer system, the hospitals affected – DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center – will remain closed to all but the most critical patients. There is no indication that patients’ files have been stolen or misused.

After a malware breach on the DCH network, UA professors discuss best practices for preventing future breaches.

Three hospitals in the DCH Health system closed doors to all but critical patients following a ransomware breach on Tuesday. 

A statement from DCH Health system revealed that a criminal was limiting computer use in exchange for an unknown payment as of Tuesday morning. All procedures and surgical cases for Wednesday, the release said, will continue as planned. DCH reported that the hospitals have implemented emergency procedures to ensure patient safety if computers are unavailable. 

Diana Dolliver, an associate professor in criminology and criminal justice, said that when ransomware infects a hospital computer network, it becomes a public safety issue.

Ransomware is a type of malicious software that takes control of a system and prevents the user from either accessing the system or accessing data on the system, or both. With just a click of a link or a direct message through a social media platform, an entire network can become infected with the virus. The computer worm or virus usually has a clock and gives the users of the network a certain amount of time to pay a ransom, and if not paid, the virus threatens to delete all the files in the network and system. Ransomware breaches can come from individuals, groups or state organizations. To design such a malware takes a high set of skills.

Dolliver mentioned how ransomware has changed in the last five years. 

“You and I are probably are not going to get infected, but business, police departments, large corporations, hospitals, have been getting hit with ransomware over the years regularly,” Dolliver said. 

What’s changed, she said, is the money that’s being held for ransom. What used to be just in the hundreds, the ransomware is often now in the thousands of dollars.

Once a network is encrypted and infected by the malware, virus or worm, then there is little an institution can do. The best thing people can do is make sure your systems are backed up by what Dolliver calls “cold storage,” or an off-site storage. This way, if a network does get hit by ransomware, the institution can scrub its systems, reload its back-ups and start over from there. 

Dolliver said that many institutions don’t have the capability to back up the files or have a cold storage. The idea even for individuals to entertain the thought of starting their digital information from scratch can be mind boggling, and for an entire hospital network, the feat is even more enormous. 

“If you get hit by ransomware and you don’t have a back-up, your two options are to either pay or start from scratch,” Dolliver said. 

This is what Atlanta hospitals had to do after a ransomware scare in 2018. According to an article by, the city did not pay a $52,000 ransom, but ended up paying 50 times that amount to rebuild its systems. 

According to its website, DCH is a community-owned healthcare system, which means that it is similar in structure to other local entities. As of Wednesday, Oct. 2, it is unclear whether the hospital will pay the ransom. 

Jeffrey Carver, professor of computer science, is the chair of the UA Cyber Initiative. He said that the FBI typically discourages people from paying ransoms to cyber attackers because it may encourage them to commit more crimes. Instead, he said, institutions should take necessary precautions. 

In addition to backing up data, Carver gave some other tips for ensuring network security: 

Keep software updated: Software vendors are constantly patching security vulnerabilities identified in their software. 

People should be very careful about clicking on unknown links in emails or visiting unknown websites. Often times malware enters a system through these avenues. 

Users should never download or open email attachments from unfamiliar senders or if something just doesn’t look right.

In response to the ransomware breach, Tuscaloosa Mayor Walt Maddox issued a statement on Twitter. 

“I am deeply concerned by what has transpired at DCH and its immediate impact on the citizens of Tuscaloosa. Understanding this, @tuscaloosacity is providing the resources of @T_Town_Fire to assist with patient transport, and will provide any assistance upon request.” 

Additionally, The University of Alabama issued an email to students detailing what to do in case of a medical emergency.

“The University of Alabama values health and wellbeing as a top priority for every student, and our Student Health Center and Pharmacy strives to deliver outstanding health care and education,” the statement read. “We are keenly aware of the circumstances at DCH and the potential impact to our students. Please be assured that the Student Health Center remains available to serve students’ healthcare needs.”

The Student Health Center is open Monday through Thursday from 8 a.m. to 8 p.m., Friday from 9 a.m. to 5 p.m., and Saturday through Sunday from 1 to 4 p.m., with the exception of home football games. In the event of an emergency, the UA News statement urged students to contact 911. 

“Our local EMS will respond, evaluate needs and determine the nearest hospital for safe transport,” the statement read. “In the event of a critical emergency, EMS will provide transportation to DCH.”