DCH Health System was compelled to close its doors to new patients, except those in critical condition, in three of its hospitals in Alabama because of a ransomware attack.
Because of the attack, the personnel in DCH Regional Medical Center in Tuscaloosa, Fayette Medical Center and Northport Medical Center cannot access the computer systems, which began in the morning of October 1, 2019.
An unknown person blocked access to the DCH systems to demand an undisclosed amount of money in exchange for the keys to unlock the encrypted files. It is presently unknown if the hospital or its insurance provider will give the ransom demand or if it will restore the systems from backups. Selected systems are already back online but with limited access.
All three hospitals implemented emergency procedures to make sure that healthcare functions can continue daily. The hospitals are caring for current patients and are accepting critical patients. However, people allotted to have outpatient procedures or tests were instructed to call prior to going to the procedure. Ambulances carrying patients are advised to take the patients to another facility when possible.
Email Security Breach at Kaiser Permanente
Kaiser Permanente is notifying some members that a security breach in August 12, 2019 resulted in the compromise of the email account of an employee by an unknown person. Kaiser Permanente knew about the breach on August 19. According to the investigation results, the unknown person had access to the account for 13 hours.
The investigators didn’t find any proof that indicates the attacker viewed or exfiltrated sensitive data from the email system. There is also no report received that indicate the misuse of any PHI.
There was no Social Security number contained in the compromised email account. Only the following protected health information (PHI) were included: name, birth date, age, gender, date(s) of service, name of provider, provider comments, name of payor, diagnoses, health history, benefit details, insurance coverage status, treatment data, procedure details, and service provided.
Individuals affected by the breach were cautioned to keep track of their explanation of benefits statements to see if there is any suspicious activity. Currently, the number of members affected by the breach is still unclear.