Ransomware Attack on Eye Clinic Network Affects Half a Million Patients

On February 8, 2021, Wolfe Eye Clinic in Iowa suffered a ransomware attack that resulted in widespread encryption of data on its network. An investigation was immediately launched into the attack, but due to the complexity of the attack it took four months to complete the forensic investigation and the full scope of the attack was not determined until May 28, 2021. Wolfe Eye Clinic said the clinic refused to pay the ransom and was recovering encrypted data from backups.

Wolfe Eye Clinic operates diagnostic and surgical centers throughout Iowa and serves 40 communities in the state. It is unclear how extensive the attack was and how it affected the ability of the clinic to operate, but Wolfe Eye Clinic has recently confirmed that the forensic investigation revealed the attackers had access to systems that contained the protected health information of approximately 500,000 current and former patients.

It is unclear what information, if any, was exfiltrated from Wolfe Eye Clinic systems prior to the deployment of ransomware. In its breach notice, the clinic said that it is possible that the attackers accessed patient data but to date there have been no reports of any cases of misuse of patient data.

“We discovered that the personal information of certain individuals may have been accessed by an unauthorized third party. For some, this information may include their name, mailing address, date of birth and Social Security number; and for others it may also include protected medical and health information,” said Wolfe Eye Clinic CFO Luke Bland.

The clinic has started sending notification letters to all affected individuals. All potentially impacted individuals are being offered complimentary credit monitoring and identity theft protection services for 12 months.

The healthcare industry has been plagued by ransomware attacks over the past 12 months. Two of the worst attacks were suffered by Netgain Technologies and CaptureRx, both of which affected many healthcare provider clients; however, with 500,000 patients affected, the Wolfe Eye Clinic ranks as one of the worst ransomware attacks on a single healthcare provider.