California Provider to Close After Ransomware Attack Damages System

This article was originally published on https://healthitsecurity.com.

Wood Ranch Medical reported ransomware recently encrypted its systems and backups, which the provider was unable to recover; Campbell County continues its recovery and another ransomware incident complete this week’s breach roundup.

September 30, 2019 – California-based Wood Ranch Medical will permanently close its doors, after the provider was unable to recover its patient records that were encrypted by ransomware this summer.

In August, the servers containing the electronic health records of WRM were infected with ransomware. All patient data was encrypted, including the backup hard drives. The damage to the computer system was severe enough that data recovery was not an option.

As a result, officials said it would be impossible to rebuild its medical records. WRM will close its practice and cease operations on December 17, 2019.

“As much as I have enjoyed providing medical care to you, I will not be able to attend to you professionally after that date,” officials wrote in a statement. “Between now and December 17th, we will work with you as you seek another medical practitioner for you and your family’s healthcare needs.”

To officials, it appears the hackers were only seeking ransom payment and not the data it encrypted. But WRM is still notifying patients of the security incident, as the encrypted servers contain patient data like names, contact details, dates of birth, medical insurance, and related health data.

WRM is the second provider in the last year to shutter after falling victim to ransomware. Michigan’s Brookside ENT and Hearing Center announced it was closing after its computer systems were completely encrypted, and hackers demanded $6,500 to decrypt the patient files. The provider said hackers wiped the entire system, after they refused to pay the ransom.

The costs of falling victim to ransomware have steadily increased over the last year, causing an average of 10 days of downtime and about $36,295 in recovery. Most recently, a ransomware attack on Digital Dental Record and PerCSoft locked about 100 dental providers out of their health records for nearly one month. The provider announced recovery efforts were nearing completion on September 26.

CAMPBELL COUNTY HEALTH STILL RECOVERING FROM RANSOMWARE

More than a week after a ransomware attack locked down its computer systems and network, Campbell County Health is still working to recover its systems and restore routine patient care.

Early on September 20, CCH experienced a computer disruption that was later determined to be ransomware. The “sophisticated cyberattack” has forced some appointment cancellations, patient transfers, and other care disruptions.

CCH has been working with law enforcement and a third-party cybersecurity team in order to restore normal operations. Officials said they are aware of the frustration the issue has caused to the community, but explained they must be “methodical in our response to ensure no remnants of the malware remain on the system.”

As of Sunday afternoon, CCH is still without email and has limited fax capabilities. Its lab is seeing limited outpatient cases, including routine bloodwork, but they are unable to accept walk-in wellness bloodwork. Radiology is still not accepting outpatient appointments and only accepting limited services for the emergency department, PROS, and walk-in clinic.

Appointments for endrocrinology, respiratory therapy, sleep clinic, and wellness blood draws have either been canceled or rescheduled for September 30. However, CCH has been able to restore services at a wide range of its departments including audiology, cancer center, hospice, pediatrics, and other services.

All patients are still being asked to call to confirm appointments and to bring medication bottles with them to the appointment. CCH is still unsure of when full operations will be restored.

RANSOMWARE ATTACK ON PERSONAL INJURY NETWORK NORTHWEST

Approximately 12,052 Washington residents have been notified their patient data was potentially compromised during a ransomware attack on Personal Injury Network Northwest.

Three servers of the Kent, Washington rehabilitation provider were encrypted with ransomware on April 22. Upon discovery the following day, the servers were taken offline. Officials said they were able to restore most of the data from backups.

A computer forensics firm was hired to ensure the servers were secured and to determine if any data was compromised during the security incident. While officials said they did not find evidence of access or exfiltration, it could not be ruled out.

Given that patient data was stored on the impacted servers, officials opted to conclude the ransomware attack put the data at risk. The data included patient names, addresses, dates of birth, driver’s license numbers, and diagnoses. All patients will receive a year of identity theft protection and credit monitoring services.