Update: this incident was reported to HHS as impacting 5,835 patients.
For the second time in six months, a medical practice has announced that it is closing its practice as a result of a ransomware attack. The first case involved Brookside ENT and Hearing Center in Michigan, whose doctors refused to pay the $6,500 ransom demanded for the decryption key and decided to just retire pretty much immediately.
Now we learn that Wood Ranch Medical in California will be closing its office in December because of the total loss of their patient records and backups. The following is the text of the notice as it appears on their web site. It is being preserved below in case the site is shuttered when the practice closes. The notification does not disclose how much ransom was demanded, or why the practice decided not to pay it (assuming that they did receive a ransom demand, which the letter suggests they did).
SIMI VALLEY, CA – September 18, 2019 – Wood Ranch Medical (“WRM”) was the victim of a ransomware attack that resulted in its patients’ personal healthcare information being encrypted. As a result, we were unable to restore patients’ healthcare records and will be closing our practice on December 17, 2019. Although there is no indication that any information was accessed, in an abundance of caution, we have taken steps to notify all patients and to provide resources to assist them.
On August 10, 2019, we suffered a ransomware attack on Wood Ranch Medical’s computer systems. Ransomware is a computer virus that encrypts our computer system until and unless we pay money (i.e., the ransom) demanded by the attackers. The attack encrypted our servers, containing your electronic health records as well as our backup hard drives. These rampant attacks continue to challenge everyone in the business and medical communities. We believe it is likely the attacker only wanted money and not the information on our computers. While we have no reason to believe that anyone’s healthcare information was taken, the encrypted system contained electronic healthcare records which included patients’ names, addresses, dates of birth, medical insurance and related health information.
Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there and, with our backup system encrypted as well, we cannot rebuild our medical records. We will be closing our practice and ceasing operations on December 17, 2019. As much as I have enjoyed providing medical care to you, I will not be able to attend to you professionally after that date. Between now and December 17th, we will work with you as you seek another medical practitioner for your and your family’s healthcare needs. If you require an appointment for medication refills you must contact our office at (805) 306-0222 as soon as possible prior to December 17th.
We mailed letters to individuals impacted by this incident which include information about the incident and steps you can take to monitor and protect your personal information. We have also established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 6:00 a.m. to 3:30 p.m., Pacific Time and can be reached at 1-833-943-1375.
WRM takes the protection of its patients’ information seriously and sincerely apologizes for any inconvenience this incident may cause.
The following information is provided to help individuals wanting more information on steps they can take to protect themselves:
How do I obtain a copy of my credit report?
You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To order your credit report, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is included in the e-mail and letter, and is also listed at the bottom of this page.
How do I put a fraud alert on my account?
You may consider placing a fraud alert on your credit report. This fraud alert statement informs creditors of possible fraudulent activity within your report and requests that your creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is included in the letter and is also listed at the bottom of this page.
Contact information for the three nationwide credit reporting agencies is as follows:
Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348-5788
1-800-525-6285
www.equifax.com/personal/creditreport-services/
Experian Security Freeze
PO Box 9554
Allen, TX 75013-9544
1-888-397-3742
www.experian.com/freeze/center.html
TransUnion (FVAD)
PO Box 2000
Chester, PA 19014-0200
1-800-680-7289
www.transunion.com/credit-freeze
“Although there is no indication that any information was accessed”… I’m curious, how can a malicious actor encrypt data that is not accessed?