Industry News

Clinic hit by ransomware recovers in hours thanks to solid incident response plan

Maffi Clinics, a chain of plastic surgery clinics in the United States, is notifying patients about a ransomware incident that briefly affected its systems. Unlike most cases involving ransomware, though, this one didn’t leave a scar, illustrating the power of strong security protocols.

According to the breach notice, Maffi encountered “unusual activity” on one of its servers in September last year. The chain immediately instated its incident response plan and shut down its systems to eliminate the chance of any malware spreading through its systems. As it turned out, the administrators’ hunch was correct: the clinic had just received a dose of ransomware.

“We immediately instituted our security breach protocols which involved shutting down all of our computers and servers,” the firm said. “Within hours of discovering the activity, an independent IT consulting firm was onsite at Maffi Clinics and determined that an unidentified source had gained remote access to our server and installed ransomware.”

Within about five hours, the incident was contained and all data was restored. In other words, the clinic denied the attackers the ransom and escaped unscathed. The clinic nonetheless emailed all patients whose information was subjected to the attack out of an abundance of caution. Under the Health Insurance Portability and Accountability Act (HIPAA), Maffi fulfilled its legal obligation to acknowledge the breach, and notified the US Department of Health and Human Services (HHS).

The same notice reveals that Maffi has since implemented and continually evaluated additional safeguards to prevent a similar incident in the future. Nevertheless, the clinic advises patients to keep an eye on their bank accounts for any signs of identity theft, just in case.

“If you detect any suspicious activity on any of your accounts, you should promptly notify the financial institution or company with which the account is maintained,” the breach notice adds. “You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities.”

About the author


Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.