1 min read

Arizona Medical Practice Completely Loses EHR System in Ransomware Attack

Arizona Medical Practice Completely Loses EHR System in Ransomware Attack

Desert Wells Family Medicine, a local Arizona medical practice, recently permanently lost its electronic health record system (EHR) due to a cyber-attack (reference). The worst part? They did have the EHR data backed up, but everything was still lost.

How could this happen?

In a growing phenomenon among cyber-attacks, the ransomware attack successfully encrypted both the original EHR files and the backup EHR files. While we often preach the importance of backing up essential data, in this case, even backups were compromised, posing a much larger problem. 

Among the EHR data, the protected health information records of 35,000 patients were compromised. Sensitive data included treatment information, social security numbers, medical record numbers, billing account numbers, addresses, dates of birth, patient names, and more.

Despite all efforts to recover the compromised data, including hiring external specialists, nothing has been successful. The data remains lost. The practice has been forced to completely reconstruct its EHR records- a timely, costly, and grueling process.

How could this have been avoided?

In short, some ransomware attacks are unavoidable. However, many can be avoided. The process of encrypting both the primary EHR data and the backup EHR data was a two-part attack. With processes like high-end threat monitoring, it’s possible the attack could have been impeded before it reached the EHR backups. As with all organizations that are victims of ransomware attacks, it’s necessary to take a deep look in the mirror and evaluate organizational security practices.

Moving forward, this practice should focus on the following security improvements: 

  1. Implement better endpoint protection, specifically, a solution with active ransomware-hunting functionality.
  2. Provide additional training and education to staff.
  3. Use a backup solution that is on a segregated platform. 

If you are a medical practice looking to enhance your IT security, PK Tech can help. We are highly experienced working with medical practices and fully equipped to navigate ever-changing HIPAA laws. PK Tech owns Compliancy Group’s HIPAA Seal of Compliance. You can also check out our HIPAA Technology Survival Guide and 4 Quality HIPAA Resources for Your Business

Reach out to PK Tech if we can help. 

What We Can Learn from the City of Kingman’s Criminal Cyberattack

What We Can Learn from the City of Kingman’s Criminal Cyberattack

A massive cyberattack targeted the Arizona City of Kingman’s technology infrastructure in early March. While categorized by officials as a “criminal...

Read More
Hacker Tracker | February

Hacker Tracker | February

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK...

Read More
Predictions for Ransomware in 2023

Predictions for Ransomware in 2023

9% of organizations were hit by ransomware in 2016. In 2021, 29% reported being hit by ransomware. 2022 has been even worse, and it can be marked as...

Read More