[BreachExchange] Marin Community Clinics hit with ransomware attack

Destry Winant destry at riskbasedsecurity.com
Mon Jul 1 02:26:09 EDT 2019


https://www.marinij.com/2019/06/24/marin-community-clinics-hit-with-ransomware-attack/

Marin Community Clinics was able to resume use of its computer system
Friday night after being hit by a ransomware attack between 9 a.m. and
10 p.m. Wednesday.

“We’re not totally out of the woods, but we’re feeling good because
we’ve had the system up three days now,” said Mitesh Popat, the
clinics’ CEO. “There is always reinfection risk hanging over your
head. We’re trying to play it super safe and super cautious.”

Unidentified hackers somehow managed to encrypt the clinics’ data and
demanded a ransom to decrypt it. Typically, to be successful,
ransomware requires some form of user interaction, such as a user
opening an attachment to an email and clicking on a malicious link.

Popat, however, said the ransomware used in the attack, known as
Sodinokibi, gained access through a computer server.

“It was through our network operator,” Popat said. He declined to
identify the operator, citing security concerns.

Popat said Marin Community Clinics was able to resume use of its
system fairly quickly because it backs up its data on a regular basis.

“We are able to restore from those backups,” Popat said.

Popat said no patient information was compromised during the attack
and little or no information was lost.

Popat said there are other entities that were hit by the Sodinokibi
ransomware around the same time and their systems are still down. He
declined to name them.

Matt Willis, Marin County’s public health officer, said none of the
county’s systems was affected by the attack. Willis said the county
has been conducting mock phishing attacks to educate county workers
about the dangers of opening unidentified emails.

