Ransomware Hit a Michigan Doctor’s Office, the Results Were Catastrophic

by | Apr 16, 2019

In recent months, hackers have begun targeting doctors offices and hospitals, receiving roughly 34% of all ransomware attacks. In an unprecedented incident, it just cost two doctors their practice.

What Happened

Last month, the offices of Brookside ENT in Battle Creek, Michigan, experienced a ransomware attack. The hackers encrypted patient information and demanded a ransom in exchange for a password to decode the information. 

Drs William Scalf and John Bizon decided not to pay the ransom.

The hackers then proceeded to delete all medical records for the patients. The doctors had no record of anything from appointments to surgery results.

Some who had just undergone surgery are having difficulty receiving follow up care because there is simply no record of their surgery.

And because there is no patient schedule the doctors have to wait at their practice for someone to show up. There isn’t even a way to call and inform their patients as there are no phone numbers on record.

Rather than try to rebuild their practice from scratch, Brookside ENT will permanently shut their doors on April 30th, 2019.

It could have been worse.

If the hackers would have been able to view the information, not only would that have resulted in a HIPAA violation on the part of the doctors but it also would have compromised the identity security of all the affected patients.

What Other Practices Can Learn

Protect Your Email

91% of all malware originates in an email. Because each email account is a potential vulnerability, it’s important to employ a spam filter as well as provide training to your employees on identifying threats.

“…Education about the risks and preparedness are as important as IT security measures for protecting individuals and assets from cyber attacks,” said Katherine Keefe, Beazley Breach Response Services Head in response to the Brookside Ransomware attack.

Use Endpoint Malware Security

In the event of a ransomware attack, endpoint malware security can block lateral movement. This isolates the attack to a single device rather than encrypting every device on a network.

Endpoint security can also block the ransomware’s download of encryption keys.

Small Business, Big Target

Repeatedly, hackers are targeting small business because they are viewed as easy targets.

61% of all cyber attacks target small business.

This doesn’t have to be the case for your business. ITonDemand offers affordable and scalable IT solutions to partner in the prevention of these types of attacks.


Download our infographic and learn how to identify a phishing scam when you see one.

Get IT Support