Boardman Medical Ransomware Attack

In June 2019, N.E.O. Urology Boardman was hit by a severe ransomware attack that effectively locked them out of their own systems. Total damage consists of the $75,000 ransom that was paid and an additional revenue loss of between $60,000 and $100,000. So, what can we learn from this?

News source: wfmj.com

The Victim

N.E.O. Urology Boardman is part of N.E.O. Urology Associates, Inc. According to their website, they are known for compassionate and skillful care with minimally invasive surgeries.

They operate from Mahoning and Trumbull counties and surrounding areas. Finally, online sources indicate that N.E.O. Urology Associates has a revenue of $4.6 million annually.

News stories suggest that they have worked with local police teams but have otherwise disclosed very little information regarding the incident.

The Attack

According to various news sources, the Boardman practice administrator came into the office one morning to find that all systems had been locked and a fax had arrived demanding that a ransom of $75,000 be paid in Bitcoin to unlock the systems.

The fax listed Pay4Day.io as the point of contact for further information. As of writing this article, the domain is available for 89,00€/year.

Details regarding the attack vector have yet to be shared by the victim or the authorities and are not shown on the Department of Health and Human Services HIPAA Breach Report tool website, suggesting the breach impacted fewer than 500 individuals.

The Response

In response to the ransom demand, the victim contacted their service provider, who in turn contacted their IT firm. The IT firm then made the call to pay the ransom and hired a third party to do so.

Total time to recovery has been reported as two days.

What Should We Consider?

Ransomware usually targets the need for availability of files and data. Seeing as medical professionals rely greatly on timely patient information to make life-changing decisions, you can understand why they are so often the target of these types of attacks.

There is an argument to be made, then, for paying the ransom and hoping for the slim chance that the attacker will recover your files for you (and not extort you again same time next week). Ransomware attacks are, strangely enough, competitively priced, meaning that they cost you a lot of money, but not as much as you think you will lose by not paying. In the case of N.E.O. Urology: a $75,000 ransom or $50,000 a day. Seems like an easy call, right?

But consider this: if an attacker was able to compromise the availability of your data by encrypting it, who is to say they haven’t compromised its integrity? Patient IDs may have been switched or medical history may be incomplete.

If this isn’t reason enough not to pay the ransom, then I’m not sure what is.

What Can We Learn?

Even though N.E.O. Urology Associates paid the ransom, they still suffered two days of downtime. Now, I can’t confirm whether the attacker did or did not provide a decryption method, but what I can confirm is the importance of backups.

Once an attack hits, be it ransomware, spyware or any kind of malware, you’re going to be happy to know you have a good backup and recovery policy in place.

Ransomware’s greatest weakness is always going to be your backup and recovery plan. If you can just roll your systems back far enough and patch the vulnerability there, there is no reason to pay the ransom.
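
The integrity question raised under "What Should We Consider?" and the backup advice above meet in one check: a keyed manifest written at backup time lets you test recovered or restored records for switched, missing or added entries. This is an added example, not part of the original article or anything the practice used; the record layout, patient IDs and key are constructed for illustration, and it assumes the key and manifest are stored away from the affected systems.

```python
import hashlib
import hmac
import json


def record_digest(record: dict) -> str:
    """Hash a record in canonical JSON form so key order cannot change the digest."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def build_manifest(records: dict, key: bytes) -> dict:
    """At backup time: one digest per record ID, plus an HMAC tag over all digests."""
    digests = {rid: record_digest(rec) for rid, rec in records.items()}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_restore(records: dict, manifest: dict, key: bytes) -> dict:
    """After recovery: authenticate the manifest, then report every discrepancy."""
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        raise ValueError("manifest tag mismatch: the manifest itself was altered")
    known = manifest["digests"]
    changed = [r for r in records if r in known and record_digest(records[r]) != known[r]]
    return {
        "modified": sorted(changed),
        "missing": sorted(r for r in known if r not in records),
        "unexpected": sorted(r for r in records if r not in known),
    }


# Constructed sample data: the records as they stood at the last good backup.
KEY = b"constructed-demo-key-kept-offline"
BACKUP = {
    "P-1001": {"name": "A. Example", "allergies": ["penicillin"], "history": ["2018 visit"]},
    "P-1002": {"name": "B. Example", "allergies": [], "history": ["2019 consult"]},
    "P-1003": {"name": "C. Example", "allergies": ["latex"], "history": []},
}
MANIFEST = build_manifest(BACKUP, KEY)

# Constructed "after decryption" state: two records swapped under each other's ID,
# and one record absent.
RECOVERED = {"P-1001": BACKUP["P-1002"], "P-1002": BACKUP["P-1001"]}

if __name__ == "__main__":
    print(verify_restore(RECOVERED, MANIFEST, KEY))
```

A clean result only says the records match the backup point; anything entered after that backup still has to be reconciled by hand.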