Cyber Incident Victim: Ashland Clinic
Date:
Aug 2017
Location:
United States of America
Summary
Namaste Health Care in Ashland, Missouri experienced a ransomware attack when an unauthorized party gained access to its computer systems and encrypted data on the clinic’s file server. The attackers demanded payment, and the clinic paid the ransom to regain access to the affected information. Following the incident, the clinic notified approximately 1,600 patients that their personal data may have been compromised and took steps to secure its systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Namaste Health Care in Ashland, Missouri experienced a security incident over the weekend of August 12‑13, 2017, when an individual gained improper access to the clinic’s office computer systems and remotely accessed its file server. During that period, the attacker launched a ransomware virus or attack targeting the file share server, which resulted in the encryption of data stored on that server as observed on August 14, 2017. The clinic’s staff became aware of the encryption on August 14 and recognized that patient data housed on the affected server had been compromised. Although the specific type of ransomware and the ransom amount were not disclosed in the public notice, the encryption prevented normal access to the affected files. The incident prompted the clinic to initiate internal measures aimed at safeguarding patient information and securing its computer systems. Despite those protective steps, the clinic determined that paying a ransom was necessary to restore and regain access to the encrypted data.

Following the decision to pay the ransom, Namaste Health Care proceeded with the payment to the attacker in order to obtain the decryption key and recover the compromised files. After restoring access to the data, the clinic notified approximately 1,600 patients that their personal information may have been involved in the security incident. The notification was made available through a copy posted on the clinic’s website and linked from the home page. The clinic’s press release indicated that actions had been taken to protect patient information and computer systems, though it did not detail the specific technical or administrative controls employed. DataBreaches.net reached out to the clinic for additional information regarding the ransomware variant and ransom amount but did not receive an immediate response. The incident was reported in the News Tribune on August 14, 2017, and the public notice remains accessible via the clinic’s site.
