[BreachExchange] Michigan medical center pays hackers' ransom to unlock patients' financial files

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Sep 21 08:30:55 EDT 2021 

https://www.beckershospitalreview.com/cybersecurity/michigan-medical-center-pays-hackers-ransom-to-unlock-patients-financial-files.html

Carleton-based Family Medical Center of Michigan began notifying patients
this month that their financial information was exposed by hackers during a
ransomware attack, Monroe News reported Sept. 20.

Seven details:

1. A group of hackers based in Ukraine targeted the medical center and
encrypted its financial files, which prevented employees from accessing up
to 15,000 patients' financial information.

2. Family Medical Center of Michigan paid the hackers' $30,000 demand to
unlock the files, Ed Larkins, CEO of the center, told the publication.

3. FMC discovered its network had been compromised when employees noticed
that they were able to access payment information and records of its
patients. Shortly after finding this out, the hackers contacted FMC and
made their ransom demand, according to the report.

4. FMC tapped identity theft protection company IDX to help navigate the
ransomware attack, and a week after the initial hack, FMC completed the
ransom payment.

5. The hackers took two weeks to get FMC the digital key to unlock the
files, Mr. Larkins said.

"What [was] explained to us was that whoever is involved in [the hacking]
is out to get paid the ransom and move on,” Mr. Larkins said. “Once we got
the key we didn’t want to use the files … there might have been malicious
[coding] hiding in the files. [IDX] advised us not to use those files or
the hardware they were stored on."

6. Patients' medical records were not compromised at all, only financial
information. The files belonged to patients who the practice has seen
within the past 14 years.

7. FMC is offering free credit monitoring services to patients whose
financial data was exposed in the incident.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210921/f6274038/attachment.html>

More information about the BreachExchange mailing list