A ransomware attack can prove expensive and sometimes impossible to resolve if proper measures are not taken. Both were deemed the case for one Michigan practice, that is now permanently closing its doors.
The ransomware encrypted the system at Brookside ENT and Hearing Center in Battle Creek which housed patient records, appointment schedules, and payment information rendering the data inaccessible.
The attackers claimed to be able to provide a key to unlock the encryption, but in order to obtain the key to decrypt files, a payment of $6,500 was required.
The two owners of the practice, William Scalf, MD and John Bizon, MD, decided not to pay the ransom as there was no guarantee that a valid key would be supplied and, after paying, the attackers could simply demand another payment.
Since no payment was made, the attackers deleted all files on the system ensuring no information could be recovered. The partners decided to take early retirement rather than having to rebuild their practice from scratch.
The FBI was alerted to the security incident and explained that this appeared to be an isolated attack. No patient data appeared to have been viewed or accessed prior to files being deleted so there is not believed to be any risk to patients; however, patients who had not obtained copies of their medical records prior to the ransomware attack will have lost all records stored by the practice.
That will naturally come at a cost to some patients, who may have to have medical tests performed for a second time. One patient at the practice told the reporter that her daughter recently had surgery and she was attempting to schedule a follow up appointment when she discovered that her medical records have been lost. She must now visit another provider, but that provider will have no details about the surgical procedure.
The practice will officially close on April 30, 2019, until which point, patients can contact staff at the practice who will provide referrals.
The incident highlights just how important it is to ensure security measures are in place and backups of all data are made. All backups must be tested to ensure they have not been corrupted and file recovery is possible.
Contact us below to establish a security and continuity plan that’s suitable for your organization. In the event of a ransomware attack, systems may be taken out of action and computers may need to have software reinstalled, but at least no data will be lost.