HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Healthcare Vendor Pays Ransom After Backup System Failure

A key vendor of California’s Marin Healthcare District has discovered that having a backup of critical data does not necessarily mean ransomware payments can be avoided. After files were locked by crypto-ransomware, data restoration failed, leaving no alternative but to pay the attackers for a decryption key.

Marin Medical Practices Concepts, Inc., (MMPC) provides a range of business and health care system services for Marin Healthcare District. On July 26, 2016 MMPC discovered that ransomware had been installed on its system preventing access to critical files.

Files encrypted by the ransomware included clinical data, physician’s notes, documentation of physical examinations, vital signs, and clinical histories of patients. The encrypted data had been collected from nine healthcare centers in the Marin Healthcare District between July 11 and July 26, 2016 and corresponded to approximately 5,000 patients. While other data could be recovered, the restoration of those data failed. The only option for recovering the data was to pay the ransom demand and obtain a decryption key from the attackers.

Following the discovery of the attack, a third party computer forensics firm was brought in to conduct an investigation. The firm uncovered no evidence to suggest that any patient health information had been accessed, viewed, or stolen by the attackers. All encrypted data were recovered after payment of the ransom.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The Department of Health and Human Services’ Office for Civil Rights was notified and patients have been sent breach notification letters informing them of the attack, as is required by the Health Insurance Portability and Accountability Act. The incident was also reported to the FBI and state attorney general.

According to a statement issued by Marin Healthcare District CEO Lee Domanico, “Our community can rest assured that the Marin Healthcare District will continue to work side by side with our vendors to ensure that all of our data is protected with today’s most advanced technology to reinforce their security systems against the most aggressive threats.”

This is the second ransomware attack to be reported by a healthcare organization in California in the past week. The University of Southern California’s Keck and Norris Hospital was also attacked with ransomware, although that infection was resolved without a ransom having to be paid.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.