Cyber Incident Victim: Family Medical Center of Michigan
Date: Jul 2020
Location: United States of America
Summary
A cybercriminal gang operating out of Ukraine launched a ransomware attack on the Family Medical Center of Michigan, encrypting financial files and demanding a $30,000 ransom in cryptocurrency. The attackers gained access to patient financial information, but not medical records. The center paid the ransom and received a decryption key two weeks later. The incident highlighted the vulnerability of healthcare organizations to cyber threats and the importance of robust cybersecurity measures to protect sensitive patient data.
Description
A cyber incident occurred at the Family Medical Center of Michigan, a healthcare organization that provides medical services to patients in the state of Michigan. The incident involved a ransomware attack, which is a type of cyber attack where an attacker encrypts the victim's data and demands a ransom in exchange for the decryption key. In this case, the attackers gained access to the medical center's financial files and encrypted them, making it impossible for the center's employees to access patient financial information.

The attackers demanded a ransom of $30,000 in cryptocurrency, which is a type of digital currency that is difficult to track. The medical center paid the ransom, but it took the attackers two weeks to provide the decryption key. During this time, the medical center's employees were unable to access patient financial information, which likely caused disruptions to the center's operations.
The incident highlights the vulnerability of healthcare organizations to cyber threats. Healthcare organizations, like the Family Medical Center of Michigan, have access to sensitive patient data, including financial information and medical records. This data is a valuable target for cyber attackers, who can use it for financial gain or to cause harm to the patients. The incident also highlights the importance of having robust cybersecurity measures in place to protect against cyber threats.
The attackers in this incident were identified as a cybercriminal gang operating out of Ukraine. The gang likely used a phishing email or other social engineering tactic to gain access to the medical center's network. Once inside, they were able to move laterally and gain access to the financial files, which they then encrypted. The gang's motive for the attack was likely financial gain, as they demanded a ransom in exchange for the decryption key.
The incident had a significant impact on the Family Medical Center of Michigan. The center was forced to pay the ransom, which is a significant financial burden. The center also had to deal with the disruption to its operations, as employees were unable to access patient financial information. The incident also likely caused concern among patients, who may have been worried about the security of their financial information.
The medical center worked with a third-party computer security firm to investigate the incident and restore access to the encrypted files. The firm helped the center to determine the scope of the attack and to identify the attackers. The firm also helped the center to implement additional cybersecurity measures to prevent similar incidents in the future.
The incident is a reminder of the importance of cybersecurity in the healthcare industry. Healthcare organizations have a responsibility to protect patient data, and they must take steps to prevent cyber attacks. This includes implementing robust cybersecurity measures, such as firewalls and intrusion detection systems, as well as providing training to employees on cybersecurity best practices.
The incident also highlights the need for healthcare organizations to have a plan in place in the event of a cyber attack. This plan should include procedures for responding to the attack, such as notifying patients and law enforcement, as well as procedures for restoring access to encrypted files. The plan should also include procedures for preventing similar incidents in the future, such as implementing additional cybersecurity measures and providing training to employees.
The Family Medical Center of Michigan took steps to notify patients who were affected by the incident. The center sent letters to patients whose financial information was accessed by the attackers, and it offered complimentary credit monitoring services to those patients. The center also worked with law enforcement to investigate the incident and to identify the attackers.
The incident is a reminder of the risks associated with cyber attacks in the healthcare industry. Healthcare organizations must take steps to protect patient data, and they must be prepared to respond to cyber attacks. This includes having a plan in place, implementing robust cybersecurity measures, and providing training to employees on cybersecurity best practices.
