Ransomware Attack Cause of Wood Ranch Medical Permanent Closure
Wood Ranch Medical has announced it will be permanently closing its doors as a direct result of a ransomware attack. The devastating attack occurred at Wood Ranch Medical in Simi Valley, CA, which recently announced that the practice will permanently close on December 17, 2019. It is another example of how cyber attacks and specifically Ransomware can bring a business to its knees.
This is not the first practice that has been forced to shut down as a result of a ransomware attack and it is unlikely to be the last. Earlier this year, Brookside ENT and Hearing Center in Battle Creek, MI similarly experienced a ransomware attack that permanently encrypted patient records. Its owners took the decision to close the business and take early retirement rather than rebuild the practice from scratch.
The Wood Ranch Medical attack occurred on August 10, 2019 and resulted in its servers being infected with ransomware. The attack caused widespread file encryption and prevented medical records from being accessed. The extent of the attack was such that computer systems were permanently damaged making file recovery impossible. The practice had created backups of patient records, but those backups were also encrypted and could not be used to restore patient data.
Ransomware attacks are usually conducted with the sole purpose of extorting money. Files are encrypted and a ransom demand is issued. If the ransom is not paid, files remain permanently encrypted. Payment of the ransom comes with no guarantee that file recovery will be possible and encourages further attacks. For these reasons the FBI recommends ransom payments are never made.
In this case, the practice believes that the sole aim of the attack was to obtain payment and no patient records are believed to have been accessed by the attackers or downloaded from its servers. Nonetheless, affected patients have been advised to exercise caution and monitor their credit reports and explanation of benefits statements for any sign of fraudulent activity. The types of information potentially compromised included names, addresses, dates of birth, health information, and health insurance information.
Wood Ranch Medical’s website now only displays the substitute breach notice, as operations are wound down. “WRM takes the protection of its patients’ information seriously and sincerely apologizes for any inconvenience this incident may cause.” The incident affects 5,835 patients, all of whom have been sent notification letters by mail. Over the next two months, the practice will be working with patients to help them find alternative medical practitioners in the area who will be able to serve their healthcare needs.
This incident highlights the catastrophic consequences of ransomware attacks. In this case the attack has not only forced a practice to close and made staff unemployed, it has also caused considerable disruption for patients and the permanent loss of their health records.
See the Wood Ranch Medical statement here.
A good best practice to adopt is the 3:2:1 approach. Create three backup copies, on two different types of media, and store one copy securely off site on an air-gapped device – One that is not networked or accessible over the internet. In the event of a ransomware attack, systems may be taken out of action and computers may need to have software reinstalled, but at least no data will be lost.