Industry News

Ransomware forces Michigan medical practice to close shop

A doctor’s office in Battle Creek, Michigan was forced into closure after hackers infected its systems with ransomware, compromising everything from patient records to billing information.

Doctors William Scalf and John Bizon reportedly told local TV station Newschannel 3 that ransomware locked up the systems at their co-owned Brookside ENT and Hearing Center. The attackers demanded $6,500 for the decryption keys.

The duo refused to pay the relatively low ransom demand, claiming there was no guarantee the attackers would stick to their end of the bargain, or that they wouldn’t strike again. Instead, they decided to close the clinic.

The FBI has been called in to investigate. With the investigation still ongoing, details are scarce. For example, the ransomware type used in the attack is currently unknown. For some of the most infamous pieces of ransomware, Bitdefender has decryptors to help victims recover their files.

The Newschannel 3 report also reveals a worrying case involving a 13-year old patient whose mother is devastated that her daughter’s medical records are gone. The girl is scheduled for a follow-up after an infection post-surgery.

“What am I going to do now because she just had surgery, who is going to follow up?” said the mother, Ann Ouellette. “I’m going to have to start all over again, they don’t know all of what happened during the surgery.”

It’s a mystery why the two doctors chose not to try and salvage the business by paying the ransom (considering that any medical practice, no matter how small, is most probably worth a lot more than $6,500). Granted, the rule of thumb is to not cave in to the hacker’s demands, but in some situations it’s the only way to get the data back. And when lives are at stake, it’s probably worth considering. Hopefully Brookside ENT and Hearing Center will provide an update on the incident soon.

This just goes to show, again, how big an impact ransomware can have on healthcare institutions and patients. Last year, cyber-criminals bombarded hospitals and clinics with various types of attacks, causing substantial turmoil in the industry. 2019 is projected to follow a similar path, but according to some studies, healthcare institutions are starting to invest more seriously in cyber-defenses.

About the author

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware, and security, and has worked in various B2B and B2C marketing roles. He likes fishing (not phishing), basketball, and playing around in FL Studio.

2 Comments

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Closing up shop sends a clear message, we would rather let people suffer than pay your demands. Which is unfortunately necessary to prevent more of these attacks. As much as I hate that it's necessary, people cannot think that doing this to any medical practice as easy money.

  • Wish we would have the resources to finish the story. As the author points out something does not make sense here and there is likely additional stuff going on, but instead the article runs with a headline claiming root cause