Brookside ENT and Hearing Center in Michigan was recently hit with a ransomware demand. This is the type of thing you think will never happen to your business but these days, it is becoming more common.
Could This Happen to You?
Hackers were able to break into Brookside’s database and encrypt all the files. Next, they sent a ransomware demand of $6,500. In many cases, businesses do pay the ransom even though the FBI warns not to do this. There’s no assurance that the hackers will give you the encryption code if you pay the ransom. Sometimes they do, but in many cases, they will only provide access to part of your database and the rest may be lost.
Brookside co-founders John Bizon, MD and William Scalf, MD decided not to pay the ransom and the results were devastating. After refusing the ransom demand, hackers deleted all patient records. All documents, files and patient histories were completely lost.
For any healthcare organization this can be an overwhelming event. Imagine losing all your patient’s health information, their contact info, results of tests and surgeries. Many of the patients of Brookside are still in shock over this. There were patients scheduled for procedures and those who had just had some type of surgery completed. Now all those records are lost forever.
Due to the severity of this data breach, Doctors Bizon and Scalf have made the painful decision to close the doors of Brookside ENT and Hearing Center. This decision has caused a great deal of turmoil for the staff and patients.
Why Are Healthcare Records So Valuable?
Bizon and Scalf are assuring patients that none of their electronic health information was shared across the web. However, in cases like this, it’s common for patients to file lawsuits against the clinic saying that not enough was done to protect their EHRs.
The FBI is doing a thorough investigation of this data breach. Health records are always considered a prime target for cyber thieves. Many of the cyber-attacks of the last few years have been against hospitals, clinics, therapists and other healthcare professionals. This type of information is considered to be of great value to thieves and it will bring a higher price on the Dark Web.
What Can You Do To Protect Yourself?
Too many healthcare organizations are still lax when it comes to their cybersecurity. They either think they can’t afford better data protection or that they won’t be a target for cybercriminals. But just one data breach can ruin your reputation and put you out of business, so professionals are recommending that the healthcare industry take a much stronger approach to cybersecurity.
Cyber-attacks against healthcare organizations peaked in the third quarter of 2018 and many of those were carried out against small and mid-sized practices. The primary reason hackers target smaller practices is because they know that these smaller clinics and offices do not have the money for top-notch security. They may only be using a standard anti-virus program and firewall which is just not enough anymore. They’re easy to hack.
Katherine Keefe at Beazley Breach Response Services confirms this, saying, “Unfortunately, it’s often smaller businesses that are most vulnerable to attack by cybercriminals as they frequently lack the resources and protocols of larger firms. Businesses of all sizes need to ensure their IT employees are aware of the risks through up-to-date training and implementation of cyber security measures.”
She went on to say that educating employees about how data breaches occur and what ransomware is, should be the number one goal of all business owners. Employees must be well-trained and training should take place at regular intervals. People do forget or they get complacent. Of course, it’s important to have excellent cyber security including a high-level anti-ransomware product installed on your system such as SentinelOne.
This Just Happened in Our Own Backyard!
We know first-hand that these are not just stories that we read online. This type of incident happens almost on a daily basis and you have to be ready. One of our clients who runs a medical practice was just hit over the weekend. It was a crypto-locker attack, which is a form of ransomware. Crypto-locker is a Trojan horse virus built to infect computers with the intension to search for files to encrypt.
Once the hacker finds those files, they encrypt them and then extort money from the individual by demanding payment in some type of crypto-currency to unlock the files.
The whole incident began when an employee opened an email containing the virus. It spread around the network infecting 8 out of the 30 computers before we were able to contain the virus. The computers were all encrypted in Russian. The demand for the release of the information was $10,000.
We were able to contain the virus and rebuild the network without paying the hackers any money at all. We saved all patient, vendor and staff files and the business owners were able to breathe a sigh of relief. They realized that their practice could have wound up like Brookside—closing the doors, but they had the right IT partner and we had the right security product to stop the infection and recover everything.
Why Are So Many Choosing SentinelOne?
Many large and small companies are choosing Sentinel One because it covers every base when it comes to security:
Ready to Learn More About SentinelOne?
If you’d like to learn more about SentinelOne, please contact us. Hitstech serves all of North Carolina with a full suite of professional managed IT services including cybersecurity. Our specialists can make sure that you’re ready if hackers do show up at your door. We can help your healthcare organization install and configure the best technology solutions for your business. Contact our team in North Carolina.
HitsTech is focused on bringing the right information technology solutions to organizations throughout North Carolina.
We welcome you the read some of our latest blog posts and technology articles.