Small Indiana Nonprofit Falls Victim To Ransom Cyberattack

Enlarge this image toggle caption Annie Ropeik/Indiana Public Broadcasting Annie Ropeik/Indiana Public Broadcasting

Everything was missing. Client files, financial data — all gone one Wednesday morning from the servers of Cancer Services of East Central Indiana — Little Red Door.

The small, Muncie-based nonprofit had been hit by a cyberattack like those that locked computers around the world last week.

The organization was hacked in January and, months later, is still recovering.

Executive Director Aimee Robertson-Fant says the group couldn't figure out what happened to its data when it went missing from the server.

What hackers did was "diabolical"

Adding to the confusion, she says, her staff started getting strange text messages "saying that 'they were going to be our new best friends' and that 'they were going to help us.' "

Next came the email with the subject line "Cancer Sucks, But We Suck More!"

"It was diabolical. It was cruel," Fant says. "They were brutal."

Hackers accessed the nonprofit's server after a staffer inadvertently downloaded malware from an email. The hackers wanted 50 bitcoin, or what was then about $43,000, to return the data and keep it private.

"I hate to use the word traumatic, but it was," Fant says. "You just don't understand what's happening, you just — it's sort of an out of body experience, where we just couldn't figure out why someone would be doing this to us."

Enlarge this image toggle caption Annie Ropeik/Indiana Public Broadcasting Annie Ropeik/Indiana Public Broadcasting

Fant says the FBI told her it has been investigating this group of hackers, and that they probably wanted sensitive information, such as bank account or Social Security numbers.

The hackers did not attack another nonprofit, the Little Red Door Cancer Agency, which is based in Indianapolis.

Hackers published private letters

But Little Red Door doesn't keep anything like that on file, Fant says. So when it decided not to pay the ransom, the hackers posted what they did have.

"It was pretty despicable," Fant says. "We send out grief letters to families [of] clients who have passed away, and they did publish some grief letters — on Twitter."

Michael Wolfe, chief technology officer of Muncie-based software firm Ontario Systems, says organizations like Little Red Door are "only secure as your weakest link in the chain," making them susceptible to hacking.

"So you need to be prepared for what you will do if that happens," he says, "because the likelihood of that happening is increasing daily."

Wolfe volunteered to help Little Red Door secure what data they could. But they couldn't recover everything.

Fant says her staff has spent months painstakingly entering client information, from handwritten notes and manila folders piled and filed all over the office, back into their computers.

Patient advocate Diana Rinker has been cheerfully leading that effort.

"I have a month of back data to enter," she says. She hoped to finish it that day. Then, she says, "we'll be caught up on this end."

Rinker was herself diagnosed with cancer just before the hack. She says she's been on data entry duty between rounds of chemotherapy.

"It's made it a little stressful," she says. "But it's so nice when our clients come in, because we've not had one client that hasn't been understanding."

Lesson for small businesses

Little Red Door has struggled since the hack with more than just paperwork. Without all its data in hand it hasn't been able to get much of the grant funding that pays its bills.

Michael Wolfe, the software company CTO, says there's a lesson here for small nonprofits and businesses.

"Stop. Sit down with your board. ... and think through some questions about: What is your IT infrastructure? Where do you store data? What is your data?" he says. "I'm sure that there are improvements to be made that could prevent devastation."

Hackers don't discriminate, he says, and no matter how small your business or how noble your nonprofit's mission, you could be vulnerable.