Healthcare Records Unavailable For Months After Ransomware Infection

Healthcare records of an Arizona clinic have not been available for months after a ransomware infection. The Desert Care clinic got infected in August, and they were not able to recover the files. They sent a letter (PDF) to their clients who got the advice to monitor their credit records and account statements, benefits and credit card bills.

The server contained 500 records of the patient’s name, DOB, address, medical details, treatment details and apparently credit card information. Desert Care reported the breach to the U.S. Department of Health and Human Services Office for Civil Rights December 20th. You should check this database, the amount of reported data breaches in Health Care is horrendous.

The clinic mentions that they do not know if the encrypted data was also stolen, and has alerted local law enforcement and the FBI. The server was inspected by serveral IT specialists, but they could not decrypt the files. Clearly no backups available, and no intention to pay ransom either. I cannot repeat often enough that now is the time to religiously backup all files and also regularly test if your restore function works!

And oh, train those users to not open phishing email attachments and enable macros…

 Hello! 

CEO, Author of the #1 Risk to Small Businesses

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
A note to our visitors

This website has updated its privacy policy in compliance with changes to European Union data protection law, for all members globally. We’ve also updated our Privacy Policy to give you more information about your rights and responsibilities with respect to your privacy and personal information. Please read this to review the updates about which cookies we use and what information we collect on our site. By continuing to use this site, you are agreeing to our updated privacy policy.