[BreachExchange] Ohio Provider Pays $75K Ransom After Serious Hack on IT System

Sat Jun 15 00:59:06 EDT 2019

https://healthitsecurity.com/news/ohio-provider-pays-75k-ransom-after-serious-hack-on-it-system

NEO Urology in Boardman, Ohio was infected by a ransomware attack,
which hacked its entire IT system and left all of its data encrypted,
according to local news outlet 21WFMJ.

According to the report, a practice administrator arrived on Monday to
find a fax sent from the hackers telling NEO Urology officials that in
order to unlock their data, they would need to pay a $75,000 ransom.

The provider contacted its IT firm, who were able to “backdoor” the
hackers. Officials said the IT firm used a third-party to pay the
hackers the ransom in bitcoin. An initial investigation determined the
cyberattack likely originated in Russia, while the fax listed the
contact information for the hackers as “Pay4Day.io.”

The hack was so severe that it took three days for the practice to
regain access to their computer systems. Further, NEO Urology told
police that they reported between $30,000 and $50,000 per day of
revenue loss.

The FBI and the majority of security researchers warn against paying
the ransom, as it only fuels the perpetuation of these ransomware
attacks. However, some healthcare providers, such as Hancock Health
which fell victim to a similar attack, have found themselves without
data access and unable to quickly restore their systems – and end up
paying the ransom to quickly restore routine patient care.

In fact, after hackers deleted their files, Michigan’s Brookside ENT
and Hearing Center opted to close up shop in April due to the severity
of the ransomware attack.

While the majority of industries across the country have seen a
massive decline in ransomware over the last year, the healthcare
sector continues to be a prime target due its need for constant access
to its systems and patient data to ensure patient care is not
interrupted.

Ransomware attacks on business targets increased by a whopping 195
percent during the first quarter of 2019, with 71 percent of these
attacks targeting small businesses like NEO Urology and Dr. Thomas
DeLuca, Dr. Anthony Marciano & Associates, which fell victim to an
attack in February.

Despite insiders and privilege misuse dominating the majority of
healthcare breaches in 2018, ransomware made up 70 percent of all
malware attacks on the sector. Hackers continue to improve the
sophistication of these attacks, with the notorious Dharma ransomware
variant recently receiving an update that disguises the malware as
antivirus software.