DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CA: Wood Ranch Medical Announces It Will Close Practice Due to Ransomware Attack

Posted on September 30, 2019 by Dissent

Update: this incident was reported to HHS as impacting  5,835 patients. 

For the second time in six months, a medical practice has announced that it is closing its practice as a result of a ransomware attack.  The first case involved Brookside ENT and Hearing Center in Michigan, whose doctors refused to pay the $6,500 ransom demanded for the decryption key and decided to just retire pretty much immediately.

Now we learn that Wood Ranch Medical in California will be closing its office in December because of the total loss of their patient records and backups. The following is the text of the notice as it appears on their web site. It is being preserved below in case the site is shuttered when the practice closes. The notification does not disclose how much ransom was demanded, and why the practice decided not to pay it (assuming that they did receive a ransom demand, which the letter suggests they did).


SIMI VALLEY, CA – September 18, 2019 – Wood Ranch Medical (“WRM”) was the victim of a ransomware attack that resulted in its patients’ personal healthcare information being encrypted. As a result, we were unable to restore patients’ healthcare records and will be closing our practice on December 17, 2019. Although there is no indication that any information was accessed, in an abundance of caution, we have taken steps to notify all patients and to provide resources to assist them.

On August 10, 2019, we suffered a ransomware attack on Wood Ranch Medical’s computer systems. Ransomware is a computer virus that encrypts our computer system until and unless we pay money (i.e., the ransom) demanded by the attackers. The attack encrypted our servers, containing your electronic health records as well as our backup hard drives. These rampant attacks continue to challenge everyone in the business and medical communities. We believe it is likely the attacker only wanted money and not the information on our computers. While we have no reason to believe that anyone’s healthcare information was taken, the encrypted system contained electronic healthcare records which included patients’ names, addresses, dates of birth, medical insurance and related health information.

Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there and, with our backup system encrypted as well, we cannot rebuild our medical records. We will be closing our practice and ceasing operations on December 17, 2019. As much as I have enjoyed providing medical care to you, I will not be able to attend to you professionally after that date. Between now and December 17th, we will work with you as you seek another medical practitioner for you and your family’s healthcare needs. If you require an appointment for medication refills you must contact our office at (805) 306-0222 as soon as possible prior to December 17th.

We mailed letters to individuals impacted by this incident which includes information about the incident and steps you can take to monitor and protect your personal information. We have also established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 6:00 a.m. to 3:30 p.m., Pacific Time and can be reached at 1-833-943-1375.

WRM takes the protection of its patients’ information seriously and sincerely apologizes for any inconvenience this incident may cause.

The following information is provided to help individuals wanting more information on steps they can take to protect themselves:

How do I obtain a copy of my credit report?

You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To order your credit report, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is included in the e-mail and letter, and is also listed at the bottom of this page.

How do I put a fraud alert on my account?

You may consider placing a fraud alert on your credit report. This fraud alert statement informs creditors to possible fraudulent activity within your report and requests that your creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is included in the letter and is also listed at the bottom of this page.

Contact information for the three nationwide credit reporting agencies is as follows:

Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348-5788
1-800-525-6285
www.equifax.com/personal/creditreport-services/

Experian Security Freeze
PO Box 9554
Allen, TX 75013-9544
1-888-397-3742
www.experian.com/freeze/center.html

TransUnion (FVAD)
PO Box 2000
Chester, PA 19014-0200
1-800-680-7289
www.transunion.com/credit-freeze

Category: Health DataMalwareOf Note

Post navigation

← Former Yahoo software engineer pleads guilty to using work access to hack into Yahoo users’ personal accounts
Systems shut down in Victorian hospitals after suspected cyber attack →

1 thought on “CA: Wood Ranch Medical Announces It Will Close Practice Due to Ransomware Attack”

  1. Robert Cash says:
    October 2, 2019 at 2:34 pm

    “Although there is no indication that any information was accessed”… I’m curious, how can a malicious actor encrypt data that is not accessed?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.