Michigan practice folds after cyberattackers wipe out all their files

On March 29,  WWMT in Michigan reported:

Hacked and held for ransom by a computer virus, a doctor’s office in Battle Creek was forced to close its doors after, doctors said, they refused to pay and their entire system was wiped out.

Dr. William Scalf told Newschannel 3 ransomware locked up the system at Brookside ENT and Hearing Center and the hackers demanded $6,500 in exchange for a code to access the files.

With no guarantee the code would unlock the files or the hackers wouldn’t come back to ask for more money later, Scalf and his partner, Dr. John Bizon, did not pay the ransom.

All of office’s files, including appointment schedules, payment and patient information was erased, Scalf said.

Read more on WWMT.

There are things about this incident that I don’t yet understand, like:

  1. Did the practice have any backup?  If so, what happened to it or why couldn’t they use it? And if they didn’t have one, why not?
  2. What kind of ransomware was used?
  3. Did the practice have any cyberinsurance that would have covered the ransom payment or part of it? If you don’t have a backup or usable backup that you can rely upon (if that was the case here, and we don’t know that), maybe you should gamble and pay the ransom? It’s a tough call, but isn’t that something insurance should help with?
  4. What did the ransom demand look like? Is this likely to be low-level attackers who bought ransomware on a marketplace with some instructions and did a massive phishing campaign to see who would open links and become victims?  Or is this part of a more organized group of hackers who target their phishing emails after doing research? $6,500 does not strike me as a huge amount when a medical database is involved, which leads me to think that this was a random hit or attack.

Yes, there’s a lot more I’d like to know, but first and foremost, I feel sick inside for what the doctors, staff, and patients are going through.

It’s just not supposed to be this way. What these attackers have done has not only caused economic harm to the doctors and employees, but it has caused harm to patients whose records are no longer available to guide their treatment.  And that is horrifying.

About the author: Dissent