HIPAA Horror Stories

Ransomware Catastrophe

one-minute read

A Midwest Ear, Nose and Throat practice shut down permanently after hackers breached office computers and held data hostage, reports The Minneapolis Star Tribune.

Criminals targeted the Brookside ENT of Battle Creek, Michigan, in an April Ransomware attack that completely locked the hard drives of the two-physician office. The doctors were told to pay $6,500 for a password the attackers promised would unlock the data, which comprised all patient electronic health records (EHRs). 

Rather than pay, Drs. William Scalf and John Bizon chose to shutter their office permanently. The doctors told the newspaper they had no assurances the password would work or that the hackers wouldn’t return. Patients were stranded. 

While early retirement may be appealing, the doctors are not off the hook. In most cases, ransomware attacks qualify as reportable health data breaches under HIPAA.  

Ransomware attacks often begin when a victim opens a harmless-looking email, which contains code that locks an entire drive. In the case of Brookside ENT, even the backup data was locked up. That’s because automatic backup software simply passed the ransomware up to the cloud or other connected backup drive.

Cybersecurity experts applauded the doctors for refusing to pay the ransom, but say multiple backups are required to prevent catastrophic data loss. The HIPAA Security Rule is a blueprint to protect against Ransomware attacks and maintain and recover data. 

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy, when you know the rules.

Request A Demo

Copyright © 2019 The ET&C Group LLC.
The HIPAA E-Tool® is a registered trademark of The ET&C Group LLC
Terms of Service | Privacy Policy

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free