August 5, 2020

Volume X, Number 218

August 05, 2020

Subscribe to Latest Legal News and Analysis

August 04, 2020

Subscribe to Latest Legal News and Analysis

August 03, 2020

Subscribe to Latest Legal News and Analysis

Ransomware Attacks Double in 2019: Medical Providers Can’t Recover and Shut Down

Consistent with our experience, security firm McAfee has confirmed in a report that ransomware attacks have doubled in 2019. Medical providers have been hit hard this year, and one provider, Wood Ranch Medical, located in California, is permanently closing following a ransomware attack.

Wood Ranch was hit with a ransomware attack over the summer, and its electronic medical records (EMR) were encrypted. Wood Ranch did not pay the ransom, and then discovered that its back-up hard drives were also encrypted by the attackers. The damage was devastating, and because Wood Ranch was unable to recover its data, it is winding down and will cease operation on December 17, 2019.

This comes after Michigan Brookside ENT and Hearing Center was hit with a ransomware attack. The attackers requested payment of $6,500 to decrypt the provider’s system containing its patient records, which the provider refused to pay. In response, the hackers wiped the entire system, which forced Brookside to also shut its doors.

There is no indication that these attacks will not continue, and could force other medical providers to decide to shut their doors because they are unable to recover from an attack. These examples show how important it is to have a robust and tested back-up system for providers’ systems, including the EMR  (which is required by HIPAA), and an incident response program that can be implemented quickly to avoid the disastrous consequence of going out of business.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume IX, Number 276


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...