Industry News

Ransomware forces Michigan medical practice to close shop

Brookside Medical Center | Credits:

A doctor’s office in Battle Creek, Michigan was forced into closure after hackers infected its systems with ransomware, compromising everything from patient records to billing information.

Doctors William Scalf and John Bizon reportedly told local TV station Newschannel 3 that ransomware locked up the systems at their co-owned Brookside ENT and Hearing Center. The attackers demanded $6,500 for the decryption keys.

The duo refused to pay the relatively low ransom demand, claiming there was no guarantee the attackers would stick to their end of the bargain, or that they wouldn’t strike again. Instead, they decided to close the clinic.

The FBI has been called in to investigate. With the investigation still ongoing, details are scarce. For example, the ransomware type used in the attack is currently unknown. For some of the most infamous pieces of ransomware, Bitdefender has decryptors to help victims recover their files.

The Newschannel 3 report also reveals a worrying case involving a 13-year old patient whose mother is devastated that her daughter’s medical records are gone. The girl is scheduled for a follow-up after an infection post-surgery.

“What am I going to do now because she just had surgery, who is going to follow up?” said the mother, Ann Ouellette. “I’m going to have to start all over again, they don’t know all of what happened during the surgery.”

It’s a mystery why the two doctors chose not to try and salvage the business by paying the ransom (considering that any medical practice, no matter how small, is most probably worth a lot more than $6,500). Granted, the rule of thumb is to not cave in to the hacker’s demands, but in some situations it’s the only way to get the data back. And when lives are at stake, it’s probably worth considering. Hopefully Brookside ENT and Hearing Center will provide an update on the incident soon.

This just goes to show, again, how big an impact ransomware can have on healthcare institutions and patients. Last year, cyber-criminals bombarded hospitals and clinics with various types of attacks, causing substantial turmoil in the industry. 2019 is projected to follow a similar path, but according to some studies, healthcare institutions are starting to invest more seriously in cyber-defenses.

About the author


Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.


Click here to post a comment
  • Closing up shop sends a clear message, we would rather let people suffer than pay your demands. Which is unfortunately necessary to prevent more of these attacks. As much as I hate that it's necessary, people cannot think that doing this to any medical practice as easy money.

  • Wish we would have the resources to finish the story. As the author points out something does not make sense here and there is likely additional stuff going on, but instead the article runs with a headline claiming root cause

    • And what would you have them do, mate? They can raise awareness – as was done – even without full details, surely? Sometimes we don't have the full details and it's far far far better to not speculate than to speculate since the latter does much harm. That doesn't mean that it's not news that a medical facility had to close due to ransomware.

  • ' but in some situations it’s the only way to get the data back'

    Yes, yes, if they don't actually consider the data important in the first place that is. Having proper WORKING backups and a disaster recovery plan would be a great way to show they care. Yet it's also a lack of awareness. Even so I wish I could believe otherwise esp with medical care. I can sympathise and empathise with the woman for I have a lot of medical problems and dear people to me have had far more far worse and to this day. But one would like to believe that these doctors take special notice and learn from their mistakes. And that goes for their own data unrelated to their former patients. I am extremely sceptical however that it'll make as big of an impact as it should. Unfortunately.