DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CO: Hit by ransomware, Estes Park Health decides to pay the ransom to get decryption keys

Posted on June 15, 2019 by Dissent

Zach Clemens reports that Estes Park Health suffered a ransomware attack on June 2. No data was exfiltrated, but it was locked up, and after consulting with their cyberinsurer and IT people, they decided that they had to pay the ransom.

“At that point in time we are looking at the patients we have internally, we are looking at what is coming through the door and monitoring everything that was going on,” Leaming said.

And THAT’s what people who are not in healthcare don’t “get” when they blithely just advise entities to never pay ransom. If you are a healthcare facility you have to try to determine whether you can protect patient safety and health if you don’t pay the ransom. If your computer system got locked up but you have usable backups, then you are in a different situation than if your computer system was locked up and you’re the trauma center for your region.

“I think it is important to say that likely the only way to restore the software in the clinic and the only way we were able to restore the imaging and so forth is because our insurance company paid the ransom money and we were able to get the keys to unlock those files,” Leaming said.

Leaming did not mention having usable backups, and that is something that I expect the insurer asked about and that OCR will ask about.

EPH had to pay a $10,000 deductible to the insurance company for their payment of the ransom. Yet Leaming did say that an initial amount was paid, and as they were unlocking files, they found more locks, which they had to go back and pay the hackers more.

It is not clear how much they paid, total. Nor do they reveal the type of ransomware used.

Read more on the Estes Park Trail-Gazette.

Category: Breach IncidentsCommentaries and AnalysesHealth DataMalwareU.S.

Post navigation

← Three U.S. Universities Disclose Data Breaches Over Two-Day Span
Thanks to Equifax breach, 4 US agencies don’t properly verify your data, GAO finds →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AMI Group – Travel & Tours notice of ransomware attack
  • Resource: Insider Threat reports
  • Za: Cyber extortionist sentenced to eight years in jail
  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.