A May 2021 ransomware incident impacting Florida Heart Associates was added to HHS’s breach tool this month. But what the tool doesn’t show is the significant impact on the practice’s functioning and patient care.
A story on Fox4 in Florida reports that the owners refused to pay an unreported ransom demand and did get control of their systems back — but at a tremendous cost, it seems. They are only operating at 50% capacity, care has been impacted for many patients, and they lost some staff. They finally got their phones back up and running, and they’re hoping to be back up and fully running by late August or early September, their CEO told Fox4.
So although it is not covered in the news report, I’ll ask here: why did they decide not to pay the ransom? And should they have paid? If they had known then what they have experienced since, would they still have made the same decision not to pay? And if they had insurance that would cover it, knowing what they know now about patient care being impacted, would it have been negligent not to pay?
Someday, I’d love to have that follow-up conversation with their CEO. For now, they have their hands full so I’ll just wish them luck in restoring services and I won’t pester them with questions at this time.