DCH pays hackers

The DCH Health System has made a payment to the hackers responsible for the crippling attack on its computer system that's impacted operations at its three hospitals since early Tuesday morning.

Hospital officials haven't revealed how much was paid, but said in a statement Saturday that teams are working around the clock to restore normal hospital operations.

"We worked with law enforcement and IT security experts to assess all options in executing the solution we felt was in the best interests of our patients and in alignment with our health system's mission," system spokesman Brad Fisher said Saturday morning. "This included purchasing a decryption key from the attackers to expedite system recovery and help ensure patient safety. For ongoing security reasons, we will be keeping confidential specific details about the investigation and our coordination with the attacker."

There has been no evidence that patient or employee data was affected, he said.

On Friday, UAB Medicine revealed that patient information for nearly 20,000 people was exposed during a data breach in August. Hackers unsuccessfully attempted to divert automatic payroll deposits to their own account in the breach that predated and is unrelated to the attack on DCH systems.

The ransomware attack encrypted electronic files at the Tuscaloosa, Northport and Fayette hospitals, forcing staff to use a manual paper system to track patient data. All but the most critically ill or injured new patients have been sent to hospitals in Birmingham or Mississippi. Care of the existing patients was not compromised, officials said. New patients will continue to be diverted at least through the weekend, and there's no timetable of when the system will be restored.

The system posted a message on its website Saturday morning:

"In collaboration with law enforcement and independent IT security experts, we have begun a methodical process of system restoration. We have been using our own DCH backup files to rebuild certain system components, and we have obtained a decryption key from the attacker to restore access to locked systems.

"We have successfully completed a test decryption of multiple servers, and we are now executing a sequential plan to decrypt, test and bring systems online one-by-one. This will be a deliberate progression that will prioritize primary operating systems and essential functions for emergency care. DCH has thousands of computer devices in its network, so this process will take time.

"We cannot provide a specific timetable at this time, but our teams continue to work around the clock to restore normal hospital operations, as we incrementally bring system components back online across our medical centers. This will require a time-intensive process to complete, as we will continue testing and confirming secure operations as we go.

 "As we complete this process, all three hospitals will continue to be on diversion for all but most critical patients through the weekend. Our Emergency Departments will continue to see patients who bring themselves to the hospital.

"We expect to be making additional announcements in the coming days, as key systems are restored and more patient services resume. Meanwhile, we are grateful for the dedication and professionalism of our staff, as they continue using our emergency downtime procedures to provide safe and patient-centered care."