
Ransomware attacks shut down practices

Ransomware attacks have forced two medical practices — one in Michigan and one in California — to close their doors. The attacks encrypted the practices’ medical records, making them permanently inaccessible. 1 

In the first attack, ransomware encrypted the system at Brookside ENT and Hearing Center in Battle Creek, Michigan. The system housed patient records, appointment schedules, and payment information. The attack rendered the data inaccessible.

The attackers said they would provide a key to unlock the encryption in exchange for a payment of $6,500.

The two physician owners of the practice did not pay the ransom, as there was no guarantee that a valid key would be supplied and, after paying, the attackers could simply demand another payment. (This is why the FBI recommends not making ransom payments.)

Since no payment was made, the attackers deleted all files on the system, ensuring no information could be recovered. The partners decided to take early retirement rather than rebuild their practice from scratch. The practice officially closed on April 30, 2019. 2

The second attack occurred at Wood Ranch Medical in Simi Valley, California, which announced that the practice will close on December 17, 2019.

The attack occurred on August 10, 2019, and resulted in the practice’s servers being infected with ransomware. The attack caused widespread file encryption, and medical records could not be accessed. Computer systems were permanently damaged, making file recovery impossible. The practice had created backups of patient records, but those backups were also encrypted and could not be used to restore patient data. 1

These incidents highlight the catastrophic consequences of ransomware attacks. Not only have the practices closed, but patients have experienced the permanent loss of their medical records.

To help prevent this type of loss, the HIPAA Journal recommends a 3:2:1 approach to backups.

“Create three backup copies, on two different types of media, and store one copy securely off site on . . . [a device] that is not networked or accessible over the internet. In the event of a ransomware attack, systems may be taken out of action and computers may need to have software reinstalled, but at least no data will be lost.”
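The check below is an added example, not code from this article or from the HIPAA Journal. It tests a backup inventory against the three conditions in the quoted recommendation and reports which copies would stay out of reach of ransomware on the network. The copy names, media labels, and both sample plans are constructed, and the `networked` flag is assumed to be declared by whoever maintains the inventory.

```python
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str        # label for the copy (constructed for this example)
    media: str       # media type, e.g. "disk", "tape", "cloud"
    offsite: bool    # stored away from the practice
    networked: bool  # reachable from the production network or the internet

def check_321(copies):
    """Return findings against the quoted 3:2:1 rule; an empty list means it is met."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} backup copies, need 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"only {len(media)} media type(s), need 2")
    # The rule asks for one copy that is off site AND not networked.
    if not any(c.offsite and not c.networked for c in copies):
        findings.append("no copy is both off site and not networked")
    return findings

def unreachable_copies(copies):
    """Names of copies that ransomware spreading over the network cannot reach."""
    return [c.name for c in copies if not c.networked]

# Constructed plan: three copies on two media types, but every one is networked,
# so all of them can be encrypted together with the production servers.
WEAK_PLAN = [
    BackupCopy("nas-share", "disk", offsite=False, networked=True),
    BackupCopy("second-server", "disk", offsite=False, networked=True),
    BackupCopy("cloud-sync", "cloud", offsite=True, networked=True),
]

# Constructed plan: one networked copy replaced by an offline tape kept off site.
FIXED_PLAN = [
    BackupCopy("nas-share", "disk", offsite=False, networked=True),
    BackupCopy("cloud-sync", "cloud", offsite=True, networked=True),
    BackupCopy("weekly-tape", "tape", offsite=True, networked=False),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("fixed", FIXED_PLAN)):
        print(label, check_321(plan) or "meets 3:2:1", unreachable_copies(plan))
```

The weak plan passes the copy count and media count yet still fails, which is the situation described above where the backups were encrypted along with the patient records.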

To learn more about protecting your practice from cyber threats, see our cyber security resources.


1. Wood Ranch Medical announces permanent closure due to ransomware attack. HIPAA Journal. September 20, 2019.
2. Michigan practice forced to close following ransomware attack. HIPAA Journal. April 2, 2019.