Regional Health Systems confirmed on Wednesday that it had paid a ransom to hackers responsible for a ransomware attack that crippled hospital operations across the Midwest for two weeks. The attack, attributed to a Russian-speaking cybercriminal group known as DarkVault, encrypted critical patient care systems at 12 hospitals.
The disruption forced hospitals to revert to paper records, cancel thousands of elective procedures, and divert ambulances carrying critical patients to competing facilities. Several patients experienced care delays, though officials have not confirmed whether any deaths resulted from the disruption.
"Paying the ransom was an incredibly difficult decision that went against our security protocols," said Regional Health Systems CEO Dr. Patricia Morgan. "However, protecting the lives and health of our patients had to be our highest priority."
The FBI and Cybersecurity and Infrastructure Security Agency are investigating the attack, which exploited a vulnerability in unpatched server software to gain initial access to the network. Federal officials believe DarkVault operates with tacit approval from Russian intelligence services.
Cybersecurity experts criticized the payment, arguing it would incentivize future attacks on healthcare facilities. "Every ransom payment funds the next campaign," said cybersecurity analyst Marcus Chen. "Healthcare organizations need to invest in prevention and resilience."