A doctor’s office in Battle Creek, Michigan was forced into closure after hackers infected its systems with ransomware, compromising everything from patient records to billing information.
Doctors William Scalf and John Bizon reportedly told local TV station Newschannel 3 that ransomware locked up the systems at their co-owned Brookside ENT and Hearing Center. The attackers demanded $6,500 for the decryption keys.
The duo refused to pay the relatively low ransom demand, claiming there was no guarantee the attackers would stick to their end of the bargain, or that they wouldn’t strike again. Instead, they decided to close the clinic.
The FBI has been called in to investigate. With the investigation still ongoing, details are scarce. For example, the ransomware type used in the attack is currently unknown. For some of the most infamous pieces of ransomware, Bitdefender has decryptors to help victims recover their files.
The Newschannel 3 report also reveals a worrying case involving a 13-year old patient whose mother is devastated that her daughter’s medical records are gone. The girl is scheduled for a follow-up after an infection post-surgery.
“What am I going to do now because she just had surgery, who is going to follow up?” said the mother, Ann Ouellette. “I’m going to have to start all over again, they don’t know all of what happened during the surgery.”
It’s a mystery why the two doctors chose not to try and salvage the business by paying the ransom (considering that any medical practice, no matter how small, is most probably worth a lot more than $6,500). Granted, the rule of thumb is to not cave in to the hacker’s demands, but in some situations it’s the only way to get the data back. And when lives are at stake, it’s probably worth considering. Hopefully Brookside ENT and Hearing Center will provide an update on the incident soon.
This just goes to show, again, how big an impact ransomware can have on healthcare institutions and patients. Last year, cyber-criminals bombarded hospitals and clinics with various types of attacks, causing substantial turmoil in the industry. 2019 is projected to follow a similar path, but according to some studies, healthcare institutions are starting to invest more seriously in cyber-defenses.