Ransomware Attack on DCH Health System Causes Hospitals to Close

Published on October 2, 2019 (Last updated October 8th)

Target: DCH Health System hospitals

Location: Alabama

Type of Attack: Ransomware – Ryuk

  • Ryuk is used for small-scale operations and particularly for targeted attacks. Ryuk attacks are often traced back to email phishing, or poor protection of remote network access.

Total Estimated Cost of Attack: Unknown

What happened: On October 1, 2019, it was reported the DCH hospitals were temporarily closed due to a ransomware attack that was holding their computer systems hostage. The three DCH Regional Medical Centers in Tuscaloosa, Fayette, and Northport closed that morning to everyone except any new patients in critical condition. At the time, the DCH Health System was unsure of the ransom payment amount.

Ambulances in the regions were directed to other hospitals, outpatients were asked to reschedule appointments, and stabilized patients would be moved to alternate hospitals.

Ransomware attacks have been significantly increasing over the last two years. Attackers are focusing on smaller organizations like hospitals since these businesses are less likely to have sophisticated software protection, policies, and training for their staff. This leaves small businesses more vulnerable for attack, and less likely to have a recovery plan in order.

In this situation, it is too soon to know all the repercussions. It was confirmed DCH Health System did hand over the ransom in order to access their computer systems from hackers. However, it can still be days (or even weeks) before the hospitals recover their data systems and obtain normal productivity.


What you can do: 

Be prepared.

  • Train employees on cybersecurity basics, such as password hygiene and ransomware methods such as phishing
  • Ensure you are keeping your software patches up-to-date
  • Have a disaster recovery plan prepared in case of a cyber attack
  • Always maintain current backups of your data

Sources –,

Signup for our monthly newsletter to learn more about Data Protection

By completing and submitting this form, you confirm that you agree to the storing and processing of your personal data by Code42 as described in our Privacy Statement.