Ransomware’s Long-Reaching Effects: Physician’s Office Shut Down
Physician practices are located throughout the nation, each with its
own specialty. As these practices vary in size, their cybersecurity
budgets vary greatly. The rule of thumb, for better or worse, has been
that the greater the amount spent on cybersecurity, the more intricate and
hardened the system is. This, however, has not always been the case.
Recently Brookside ENT and Hearing Center had the pleasure
of managing a successful cybersecurity attack and compromise. This doctor’s office
was located in Michigan. The attack initially encrypted the files
and the complete computer system of the Brookside ENT and Hearing Center. The
attacker demanded a $6,500 ransom for the decryption key. The ransom was refused,
which is normally a good route to follow if you have viable backups and/or are
able to recreate the data without a significant issue. Naturally, the attackers
were not exceptionally happy with this response. As a direct result, the
entirety of the practice’s computer network was erased. This included all of
the patient files and records. This was, to say the least, a bad situation.
Effect
The medical practice was owned by John Bizon, MD, and William
Scalf, MD. After all the records were erased, the owners decided to retire and
close the practice. Rebuilding the practice’s data and other pertinent information
was simply not worth it for the owners/doctors. This adversely affected the
patients.
The affected data was rather expansive. This included all
the appointment schedules, payment data, and other patient information. On the
bright side, it appears no patient data was accessed and the electronic health
records (EHR) were encrypted. The potential issue with this is that the encryption
protocol in place was not published. It is presumed this is an industry standard
and not home-rolled or an outdated version.
Incident Response
The FBI was actively investigating the successful attack.
Unfortunately, the attack vector and tools had not been published yet. The data
for this could have been used as a learning tool and case study for others. The
attack could have been a simple phishing attack with the right staff members
clicking on an image or link.
This illustrates the need for purposeful training for
staff members on the various cybersecurity topics. It is far too late for
this practice; however, others may learn from this.
Resources
Davis, J. (2019, April 1). Michigan practice to shutter
after hackers delete patient files. Retrieved from https://healthitsecurity.com/news/michigan-practice-to-shutter-after-hackers-delete-patient-files