A ransomware attack can prove costly to resolve. One Michigan practice decided that cost was not worth paying and has now permanently closed its doors.
The ransomware encrypted the system at Brookside ENT and Hearing Center in Battle Creek that housed patient records, appointment schedules, and payment information, rendering the data inaccessible.
The attackers claimed to be able to provide a key to decrypt the files, but required a payment of $6,500 for it.
The two owners of the practice, William Scalf, MD and John Bizon, MD, decided not to pay the ransom as there was no guarantee that a valid key would be supplied and, after paying, the attackers could simply demand another payment.
Since no payment was made, the attackers deleted all files on the system, ensuring no information could be recovered. The partners decided to take early retirement rather than rebuild their practice from scratch.
The FBI was alerted to the security incident and explained that this appeared to be an isolated attack. No patient data appeared to have been viewed or accessed prior to files being deleted so there is not believed to be any risk to patients; however, patients who had not obtained copies of their medical records prior to the ransomware attack will have lost all records stored by the practice.
That will naturally come at a cost to some patients, who may have to have medical tests performed for a second time. One patient at the practice told WWMT that her daughter had had surgery and she was attempting to schedule a follow-up appointment when she discovered that her medical records had been lost. She must now visit another provider, but that provider will have no details about the surgical procedure.
The practice will officially close on April 30, 2019. Until then, patients can contact staff at the practice, who will provide referrals.
The incident highlights just how important it is to ensure backups of all data are made. All backups must be tested to ensure they have not been corrupted and file recovery is possible.
A good practice to adopt is the 3:2:1 approach. Create three backup copies, on two different types of media, and store one copy securely off site on an air-gapped device, that is, one that is not networked or accessible over the internet. In the event of a ransomware attack, systems may be taken out of action and computers may need to have software reinstalled, but at least no data will be lost.