Healthcare Vendor Pays Ransom After Backup System Failure

Share this article on:

A key vendor of California’s Marin Healthcare District has discovered that having a backup of critical data does not necessarily mean ransomware payments can be avoided. After files were locked by crypto-ransomware, data restoration failed, leaving no alternative but to pay the attackers for a decryption key.

Marin Medical Practices Concepts, Inc., (MMPC) provides a range of business and health care system services for Marin Healthcare District. On July 26, 2016 MMPC discovered that ransomware had been installed on its system preventing access to critical files.

Files encrypted by the ransomware included clinical data, physician’s notes, documentation of physical examinations, vital signs, and clinical histories of patients. The encrypted data had been collected from nine healthcare centers in the Marin Healthcare District between July 11 and July 26, 2016 and corresponded to approximately 5,000 patients. While other data could be recovered, the restoration of those data failed. The only option for recovering the data was to pay the ransom demand and obtain a decryption key from the attackers.

Following the discovery of the attack, a third party computer forensics firm was brought in to conduct an investigation. The firm uncovered no evidence to suggest that any patient health information had been accessed, viewed, or stolen by the attackers. All encrypted data were recovered after payment of the ransom.

The Department of Health and Human Services’ Office for Civil Rights was notified and patients have been sent breach notification letters informing them of the attack, as is required by the Health Insurance Portability and Accountability Act. The incident was also reported to the FBI and state attorney general.

According to a statement issued by Marin Healthcare District CEO Lee Domanico, “Our community can rest assured that the Marin Healthcare District will continue to work side by side with our vendors to ensure that all of our data is protected with today’s most advanced technology to reinforce their security systems against the most aggressive threats.”

This is the second ransomware attack to be reported by a healthcare organization in California in the past week. The University of Southern California’s Keck and Norris Hospital was also attacked with ransomware, although that infection was resolved without a ransom having to be paid.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On