Hospital pays for keys to unlock encrypted data after FBI alert

Credit: Illustration 51183542 © Robot100 –

Alabama-based DCH Health System on Saturday revealed it had paid ransomware attackers for decryption keys to unlock data captured by malware at three hospitals. 

The hospital network was attacked last week, along with a Victorian-based hospital group, which limited both healthcare service providers to offering emergency services. 

The attacks preceded an alert from the FBI last week explicitly stating that it does not endorse paying ransomware attackers but still wants victims to report incidents to the agency if a ransom is paid. 

According to security firm Bitdefender, the Alabama provider was affected by the notorious Ryuk ransomware. The Victoria healthcare providers are also reportedly victims of Ryuk. Neither organizations are alone in paying to resolve ransomware, but law enforcement agencies regularly remind potential victims that attackers don’t always deliver decryption keys and the act of paying itself emboldens attackers. 

DCH Health System said it had tested the purchased keys against multiple servers and confirmed they did work, but warned that systems would take some time to come back online and offered no date for when they would.