California healthcare organization, Marin Healthcare District announced one of its key vendors, Marin Medical Practices Concepts, was infected with a ransomware attack. Marin Medical Practices provides medical billing and electronic health records services to Marin Healthcare District, making their files extremely confidential and valuable. The company noticed the incident on July 26 after one of its backup systems failed, resulting in a loss of files collected at nine medical care centers. While Marin Healthcare did pay the ransom to unlock the files, the cybercriminals failed to decrypt them. They released a statement notifying customers about the breach on Sept. 28, 2016, after a third-party forensic firm finished their investigation of the incident.
The FBI advises all ransomware victims to avoid paying the ransom at all costs, as there is no guarantee the cybercriminals will follow through with their promise. While the files are often unlocked, this provides another example supporting the FBI’s case. The information lost included “vital signs, limited clinical history, documentation of physical examinations, and records of the communication between patients and their physician during a visit in the 15-day period,” according to Marin Healthcare. Fortunately, there is no evidence personal, financial, or health information was accessed or transferred.