Michigan practice folds after cyberattackers wipe out all their files

On March 29,  WWMT in Michigan reported:

Hacked and held for ransom by a computer virus, a doctor’s office in Battle Creek was forced to close its doors after, doctors said, they refused to pay and their entire system was wiped out.

Dr. William Scalf told Newschannel 3 ransomware locked up the system at Brookside ENT and Hearing Center and the hackers demanded $6,500 in exchange for a code to access the files.

With no guarantee the code would unlock the files or the hackers wouldn’t come back to ask for more money later, Scalf and his partner, Dr. John Bizon, did not pay the ransom.

All of office’s files, including appointment schedules, payment and patient information was erased, Scalf said.

Read more on WWMT.

There are things about this incident that I don’t yet understand, like:

  1. Did the practice have any backup?  If so, what happened to it or why couldn’t they use it? And if they didn’t have one, why not?
  2. What kind of ransomware was used?
  3. Did the practice have any cyberinsurance that would have covered the ransom payment or part of it? If you don’t have a backup or usable backup that you can rely upon (if that was the case here, and we don’t know that), maybe you should gamble and pay the ransom? It’s a tough call, but isn’t that something insurance should help with?
  4. What did the ransom demand look like? Is this likely to be low-level attackers who bought ransomware on a marketplace with some instructions and did a massive phishing campaign to see who would open links and become victims?  Or is this part of a more organized group of hackers who target their phishing emails after doing research? $6,500 does not strike me as a huge amount when a medical database is involved, which leads me to think that this was a random hit or attack.

Yes, there’s a lot more I’d like to know, but first and foremost, I feel sick inside for what the doctors, staff, and patients are going through.

It’s just not supposed to be this way. What these attackers have done has not only caused economic harm to the doctors and employees, but it has caused harm to patients whose records are no longer available to guide their treatment.  And that is horrifying.

About the author: Dissent

4 comments to “Michigan practice folds after cyberattackers wipe out all their files”

You can leave a reply or Trackback this post.
  1. Anonymous - April 2, 2019

    ….. So… I would of paid the ransom rather then closing down the business entirely. $6,500….

  2. Mike - April 2, 2019

    Dr. Scalf graduated from Indiana University School of Medicine Indianapolis in 1981 and has been in practice for 38 years.
    Maybe he’s ready to retire. Maybe it’s better to fold the practice rather than deal with potential lawsuits.

    I agree that 6,500.00 is cheap. I personally know of 40,000.00 plus attacks that were paid. That said, we aren’t privy to the costs for mitigation and replacement of existing equipment. For example, he may have perfectly functioning medical devices that only run on XP, but replacing them would be 1,000.00 for a new computer and 75,000.00 for the new medical equipment that the new computer runs.

    It’s completely normal for medical device manufacturers to stop supporting an older medical machines on newer versions of Windows.

    Plus there are the consultant fees for the hours and hours of labor to rebuild everything from scratch.

    So there is likely a lot more that we aren’t aware of that went into the decision to fold. It’s sad. Hopefully others can learn from this tragedy.

    • Dissent - April 3, 2019

      If you know of that many attacks that were paid, please get in touch with me. I’d like to know more.

      • mike - April 5, 2019

        My apologies. My comment of 40,000.00 plus attacks should have read $40,000.00 – as in dollars.
        I did not intend to say I know of 40,000 individual attacks.

Comments are closed.