On Oct. 1, DCH’s hospitals in Tuscaloosa, Northport, and Fayette were temporarily closed due to a breach in its computer system. The source of the breach was a cyber attack from an unknown group asking for money in exchange for access to the hospital’s patient records. Because of this attack, DCH refused to admit new patients to their hospitals and instead chose to reroute them to hospitals in Birmingham and Mississippi.
“Our hospitals have implemented our emergency procedures to ensure safe and efficient operations in the event technology dependent on computers is not available,” a message posted on DCH’s website stated. “That said, we feel it is in the best interest of patient safety that DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center are closed to all but the most critical new patients. Our staff is caring for the patients who are currently in the hospital, and we have no plans to transfer current patients.”
On Oct. 5, DCH paid an undisclosed amount of money to the hackers and was able to regain access to its records once again.
While DCH spokesman, Brad Fisher stated that no employee or patient data had been stolen, patients aren’t buying it. They are filing a class-action lawsuit against DCH, alleging that DCH maintained their private information in “a reckless manner” and did not properly monitor its computer network to ensure that the ransomware attack was discovered sooner.
“Because of the Ransomware Attack, Plaintiffs and class members had their medical care and treatment as well as their daily lives disrupted,” the complaint stated. “As a consequence of the ransomware locking down the medical records of Plaintiffs and class members, Plaintiffs and the class members had to forego medical care and treatment or had to seek alternative care and treatment.”
“As a result of the Ransomware Attack, Plaintiffs and class members have been exposed to a heightened and imminent risk of fraud and identity theft,”
“Plaintiffs and class members must now and in the future closely monitor their financial accounts to guard against identity theft.”
However, Fisher denies this all together. “They just basically found a way to put the computer systems out of business until you pay them money and they give you the code,” Fisher told CBS 42.