The HIPAA Guide - Celebrating 15 Years Online

Michigan Practice to Close Down Due to Ransomware Attack

April 3, 2019HIPAA Breaches, Violations, and Fines0

A ransomware attack on Brookside ENT and Hearing Center located in Battle Creek prompted the Michigan practice to close its doors permanently. The attack on its system resulted in the encryption of patient records, payment details and appointment schedules, rendering the data inaccessible.

The attackers demanded a ransom payment of $6,500 for the key to unlock the encryption. The owners of Brookside ENT and Hearing Center, William Scalf, MD and John Bizon, MD, made the decision not to pay the ransom because there was no guarantee that the attackers would supply a valid key and it was possible that they would be subjected to further extortion attempts after making payment.

Because the ransom demand was not paid, the attackers erased all the files in the system. The owners opted to retire early rather than have to rebuild the practice.

The practice has informed the FBI about the security incident and the FBI investigation indicated the ransomware attack was an isolated incident. There was no evidence found that indicated patient data was viewed or accessed before the files were deleted and so there seems to be no risk to patients. Nevertheless, patients who did not get copies of their healthcare records before the ransomware attack won’t be able to retrieve the records.

That means additional costs for patients as they may need to redo medical tests again. One patient had a surgery and wanted to schedule a follow up consultation when she found out about the loss of her medical records. She now needs to go to another provider and cannot provide any details of the surgical procedure performed.

On April 30, 2019, the practice is set to officially close. Until then, patients can get in touch with practice staff to obtain referrals.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

This ransomware attack stresses the importance of having backup files of all patient data and all backups must be tested to check if data can be recovered. A good backup strategy to adopt is the 3:2:1 backup approach, which involves creating three backup files using two types of media, and storing one copy off site on a non-networked device that cannot be accessed over the internet.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/

Copyright © 2007-2023 The HIPAA Guide       Site Map      Privacy Policy       About The HIPAA Guide