Another Day, Another Doctor

3408279690?profile=RESIZE_710xOn 7 June 2019, Park Duvalle Community Health Center, located in Louisville, KY, was hit with a ransomware outbreak that significantly hindered patient care and hospital administration. Park Duvalle is a nonprofit facility providing care for uninsured and low-income patients.  Since the attack, Park Duvalle has been recovering their systems and does not anticipate functionality until 1 August 2019 taking them offline for a total of approximately 2 months.

In April 2019, Park Duvalle Community Health Center (PDCHC) was targeted with an unspecified variant of ransomware which encrypted files on their network and requested a ransom in exchange for decrypting the files.  After consideration, the staff at PDCHC restore files from backups, to avoid paying any ransom.  At the time it took PDCHC 3 weeks to restore their files from their backup and make the network fully functional.

Although the ransom was not paid after the first ransomware attack, PDCHC was targeted a second time with ransomware; this attack was activated in June 2019.  Upon activation, the attackers requested a payment of approximately $70,000 worth of Bitcoin.

After contacting law enforcement and a third-party security vendor, Park Duvalle Health Center decided to pay the ransom to decrypt the data instead of restoring their data from backups.

Link to full report: TR-19-214-001 Park Duvalle_FINAL.pdf