DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CA: Wood Ranch Medical Announces It Will Close Practice Due to Ransomware Attack

Posted on September 30, 2019 by Dissent

Update: this incident was reported to HHS as impacting  5,835 patients. 

For the second time in six months, a medical practice has announced that it is closing its practice as a result of a ransomware attack.  The first case involved Brookside ENT and Hearing Center in Michigan, whose doctors refused to pay the $6,500 ransom demanded for the decryption key and decided to just retire pretty much immediately.

Now we learn that Wood Ranch Medical in California will be closing its office in December because of the total loss of their patient records and backups. The following is the text of the notice as it appears on their web site. It is being preserved below in case the site is shuttered when the practice closes. The notification does not disclose how much ransom was demanded, and why the practice decided not to pay it (assuming that they did receive a ransom demand, which the letter suggests they did).


SIMI VALLEY, CA – September 18, 2019 – Wood Ranch Medical (“WRM”) was the victim of a ransomware attack that resulted in its patients’ personal healthcare information being encrypted. As a result, we were unable to restore patients’ healthcare records and will be closing our practice on December 17, 2019. Although there is no indication that any information was accessed, in an abundance of caution, we have taken steps to notify all patients and to provide resources to assist them.

On August 10, 2019, we suffered a ransomware attack on Wood Ranch Medical’s computer systems. Ransomware is a computer virus that encrypts our computer system until and unless we pay money (i.e., the ransom) demanded by the attackers. The attack encrypted our servers, containing your electronic health records as well as our backup hard drives. These rampant attacks continue to challenge everyone in the business and medical communities. We believe it is likely the attacker only wanted money and not the information on our computers. While we have no reason to believe that anyone’s healthcare information was taken, the encrypted system contained electronic healthcare records which included patients’ names, addresses, dates of birth, medical insurance and related health information.

Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there and, with our backup system encrypted as well, we cannot rebuild our medical records. We will be closing our practice and ceasing operations on December 17, 2019. As much as I have enjoyed providing medical care to you, I will not be able to attend to you professionally after that date. Between now and December 17th, we will work with you as you seek another medical practitioner for you and your family’s healthcare needs. If you require an appointment for medication refills you must contact our office at (805) 306-0222 as soon as possible prior to December 17th.

We mailed letters to individuals impacted by this incident which includes information about the incident and steps you can take to monitor and protect your personal information. We have also established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 6:00 a.m. to 3:30 p.m., Pacific Time and can be reached at 1-833-943-1375.

WRM takes the protection of its patients’ information seriously and sincerely apologizes for any inconvenience this incident may cause.

The following information is provided to help individuals wanting more information on steps they can take to protect themselves:

How do I obtain a copy of my credit report?

You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To order your credit report, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is included in the e-mail and letter, and is also listed at the bottom of this page.

How do I put a fraud alert on my account?

You may consider placing a fraud alert on your credit report. This fraud alert statement informs creditors to possible fraudulent activity within your report and requests that your creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is included in the letter and is also listed at the bottom of this page.

Contact information for the three nationwide credit reporting agencies is as follows:

Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348-5788
1-800-525-6285
www.equifax.com/personal/creditreport-services/

Experian Security Freeze
PO Box 9554
Allen, TX 75013-9544
1-888-397-3742
www.experian.com/freeze/center.html

TransUnion (FVAD)
PO Box 2000
Chester, PA 19014-0200
1-800-680-7289
www.transunion.com/credit-freeze

Related posts:

  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
  • Madison Square Garden Company Alerts Customers of Payment Card Data Breach
Category: Health DataMalwareOf Note

Post navigation

← Former Yahoo software engineer pleads guilty to using work access to hack into Yahoo users’ personal accounts
Systems shut down in Victorian hospitals after suspected cyber attack →

1 thought on “CA: Wood Ranch Medical Announces It Will Close Practice Due to Ransomware Attack”

  1. Robert Cash says:
    October 2, 2019 at 2:34 pm

    “Although there is no indication that any information was accessed”… I’m curious, how can a malicious actor encrypt data that is not accessed?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.