The recent closure of a relatively small-sized medical practice in Michigan as the result of a ransomware attack highlighted what has become a growing problem in the industry with regard to malware and data protection.
Earlier in the year, Dr. William Scalf, MD and Dr. John Bizon, MD were forced to close down the medical practice they shared in Battle Creek – Brookside ENT and Hearing Center – for good after the facility's network and associated medical files were compromised and held for ransom at the hands of one or more hackers, according to the Battle Creek Enquirer.
The hack that ended a small-time practice
Scalf explained to the Enquirer that the FBI told him at the time that there was no guarantee the compromised records would be returned to him, even if he did pay the ransom, so he made the decision not to pay and instead close down.
According to HIPAA Journal, records encrypted and withheld from the doctors at the cost of a $6,500 ransom payment in order to receive an unlock key included patient records, appointment schedules and payment information. After the doctors refused to pay the ransom, the files were deleted and the decision was subsequently made to shutter the facility instead of "rebuild their practice from scratch," HIPAA Journal reported.
Despite the fact that Scalf had reported the incident to the FBI, no arrests were made in connection to the attack – still, authorities advise victims of cyberattacks to always report them, according to the Star-Tribune.
"Much better than paying the ransom, pretending it didn't happen, muddling through – which some hospitals and clinics have done," Todd Carpenter, chief engineer at Adventium Labs, a security firm in Minneapolis told HIPAA Journal, also praising the former Brookside doctors for their decision.
Health care industry highly vulnerable to ransomware
In particular, the health care industry has historically "been low-hanging fruit" for hackers and malware, according to PhoenixNAP Global IT Services, which cited 2018 statistics related to ransomware and medical establishment hacking.
Among other stats, the health care industry was the target of nearly half of all reported ransomware attacks that year, while 90% of organizations recorded increases in ransomware attacks in 2018 compared to 2017.