Alabama's DCH Health System chose to pay ransom after hackers disrupted their computer systems and threatened to shutdown their services. 

According to the DCH Health System web site, DCH responded "to a ransomware attack that disrupted access to computer systems at DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center." The attack impacted DCH’s ability to accept new patients, but they were still able to provide critical medical services to those who needed it. Patients who had non-emergency medical needs were encouraged to seek assistance from other providers while DCH worked to restore their systems. 

Upon discovery of the incident, DCH immediately "implemented emergency procedures to continue providing safe and patient-centered care, and initiated a comprehensive response that included coordination with law enforcement and engaging independent IT security and forensics experts" who worked to resolve the threat. "While IT systems are down, medical staff have shifted operations into manual mode and are using paper copies in place of digital records to provide safe care to patients," said DCH.

Days later, DCH resumed their services after officials paid the ransom and obtained the decryption key from the attackers. "We have successfully completed a test decryption of multiple servers, and we are now executing a sequential plan to decrypt, test and bring systems online one-by-one. This will be a deliberate progression that will prioritize primary operating systems and essential functions for emergency care. DCH has thousands of computer devices in its network, so this process will take time. As we complete this process, all three hospitals will continue to be on diversion for all but most critical patients through the weekend. Our Emergency Departments will continue to see patients who bring themselves to the hospital," said DCH.