A ransomware attack on Brookside ENT and Hearing Center located in Battle Creek prompted the Michigan practice to close its doors permanently. The attack on its system resulted in the encryption of patient records, payment details and appointment schedules, rendering the data inaccessible.
The attackers demanded a ransom payment of $6,500 for the key to unlock the encryption. The owners of Brookside ENT and Hearing Center, William Scalf, MD and John Bizon, MD, made the decision not to pay the ransom because there was no guarantee that the attackers would supply a valid key and it was possible that they would be subjected to further extortion attempts after making payment.
Because the ransom demand was not paid, the attackers erased all the files in the system. The owners opted to retire early rather than have to rebuild the practice.
The practice informed the FBI about the security incident, and the FBI investigation indicated that the ransomware attack was an isolated incident. No evidence was found that patient data was viewed or accessed before the files were deleted, so there seems to be no risk to patients. Nevertheless, patients who did not get copies of their healthcare records before the ransomware attack won’t be able to retrieve the records.
That means additional costs for patients, as they may need to repeat medical tests. One patient had surgery and wanted to schedule a follow-up consultation when she found out about the loss of her medical records. She now needs to go to another provider and cannot provide any details of the surgical procedure performed.
On April 30, 2019, the practice is set to officially close. Until then, patients can get in touch with practice staff to obtain referrals.
This ransomware attack underlines the importance of keeping backups of all patient data and of testing every backup to confirm that the data can actually be recovered. A good backup strategy to adopt is the 3:2:1 backup approach, which involves creating three backup copies using two types of media and storing one copy off site on a non-networked device that cannot be accessed over the internet.
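The two checks recommended above, sketched as an added example that is not part of the original article: a test restore is compared against SHA-256 digests recorded at backup time, and a backup inventory is checked against the 3:2:1 rule as the article states it. The file names, the inventory fields (`media`, `offsite`, `networked`, `restore_verified`) and all sample data are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(Path(root).rglob("*")) if p.is_file()
    }

def verify_restore(expected, restored_root):
    """Compare a test restore against the manifest recorded at backup time."""
    actual = manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "corrupt": sorted(f for f in expected if f in actual and actual[f] != expected[f]),
        "unexpected": sorted(set(actual) - set(expected)),
    }

def check_321(copies):
    """List the ways a backup inventory falls short of the 3:2:1 rule."""
    checks = [
        (len(copies) >= 3, "fewer than three backup copies"),
        (len({c["media"] for c in copies}) >= 2, "fewer than two media types"),
        (any(c["offsite"] and not c["networked"] for c in copies), "no off-site, non-networked copy"),
        (all(c["restore_verified"] for c in copies), "copy without a passing restore test"),
    ]
    return [message for ok, message in checks if not ok]

def demo():
    """Constructed sample data: two small files, a damaged restore, a weak inventory."""
    with tempfile.TemporaryDirectory() as tmp:
        src, rst = Path(tmp, "source"), Path(tmp, "restore")
        for d in (src, rst):
            d.mkdir()
        (src / "schedule.csv").write_text("2019-04-01,09:00\n")
        (src / "record_001.txt").write_text("constructed sample record\n")
        expected = manifest(src)  # recorded when the backup is taken
        (rst / "schedule.csv").write_text("2019-04-01,09:")  # truncated; record_001.txt absent
        report = verify_restore(expected, rst)
    inventory = [
        {"media": "disk", "offsite": False, "networked": True, "restore_verified": False},
        {"media": "disk", "offsite": False, "networked": True, "restore_verified": True},
    ]
    return report, check_321(inventory)

if __name__ == "__main__":
    print(demo())
```

A restore test passes only when all three lists in the report are empty; the manifest itself should be stored with the off-site copy so it cannot be altered together with the networked backups.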