Michigan Practice Brookside ENT Closes Doors Following Ransomware Attack

The ransomware attack encrypted the computer systems at Brookside ENT and Hearing Center in Battle Creek which housed patient records, appointment schedules, and payment information rendering the data inaccessible. A ransomware attack can prove costly to resolve. That cost was not deemed worth it by one Michigan practice, which has now permanently closed its doors.

The attackers claimed to be able to provide a key to unlock the encryption, but in order to obtain the key to decrypt files, a payment of $6,500 was required. The two owners of the practice, William Scalf, MD and John Bizon, MD, decided not to pay the ransom as there was no guarantee that a valid key would be supplied and, after paying, the attackers could simply demand another payment.

Since no payment was made, the attackers deleted all files on the system ensuring no information could be recovered. The partners decided to take early retirement rather than having to rebuild their practice from scratch.

The FBI was alerted to the security incident and explained that this appeared to be an isolated attack. No patient data appeared to have been viewed or accessed prior to files being deleted so there is not believed to be any risk to patients; however, patients who had not obtained copies of their medical records prior to the ransomware attack will have lost all records stored by the practice.

That will naturally come at a cost to some patients, who may have to have medical tests performed for a second time. One patient at the practice told WWMT that her daughter had had surgery and she was attempting to schedule a follow up appointment when she discovered that her medical records have been lost. She must now visit another provider, but that provider will have no details about the surgical procedure.

The practice will officially close on April 30, 2019, until which point, patients can contact staff at the practice who will provide referrals.

The incident highlights just how important it is to ensure backups of all data are made. All backups must be tested to ensure they have not been corrupted and file recovery is possible.

A good best practice to adopt is the 3:2:1 approach. Create three backup copies, on two different types of media, and store one copy securely off site on an air-gapped device – One that is not networked or accessible over the internet. In the event of a ransomware attack, systems may be taken out of action and computers may need to have software reinstalled, but at least no data will be lost.

More recently a ransomware attack affected over 5000 patients at Wood Ranch Medical in Michigan.