Brookside ENT and Hearing Center, a private practice based out of Battle Creek, Michigan, has been forced to permanently close its doors after becoming the target of a vicious ransomware attack.
The owners, Williams Scalf, MD, and John Bizon, MD, found that the entirety of their systems had been taken offline. It was later discovered that the system crash was due to a malicious virus introduced by hackers who were demanding a ransom of $6,500 for a key to supposedly unlock the systems.
Patient records, payment information, office files, and scheduled appointments were all rendered inaccessible by the attack. While Scalf and Bizon could have chosen to pay the ransom and potentially get their systems back, they decided instead to follow the advice given in an official statement in 2016 discouraging victims of ransomware from paying the hackers and refused payment. Their reasoning behind the decision was that, even if they paid, there was no guarantee that their systems would be unlocked, and the hackers could simply keep asking for more and more money.
In the end, their refusal resulted in the hackers permanently deleting all of their files, which essentially left their practice at square one. Rather than accepting the daunting process of starting their establishment over from scratch, the owners chose to close their doors for good.
“Unfortunately, it’s often smaller businesses that are most vulnerable to attack by cybercriminals as they frequently lack the resources and protocols of larger firms,” Beazley Breach Response Services Head Katherine Keefe said at the time of the report. “Businesses of all sizes need to ensure their IT employees are aware of the risks through up-to-date training and implementation of cyber security measures.”
While the decision to close Brookside ENT and Hearing Center’s doors was the simplest solution for the owners, it left many of their patients out in the cold, since many had gone through the clinic for procedures and had follow-up appointments scheduled. Without any records or details on those procedures, customers were forced to start over with other doctors, costing them additional time and money.
With the added threat to smaller organizations constantly lurking in the background, it becomes more and more necessary to maintain HIPAA compliance and keep in-the-know with current events to stay one step ahead of potential cybercriminals.