Cyber Incident Victim: Magnolia Pediatrics

In August 2019, Magnolia Pediatrics, a Prairieville-based clinic, experienced a ransomware attack originating from the computer network of its unnamed third-party IT service provider. The attack encrypted the clinic's systems, rendering data inaccessible to both the attackers and the clinic until a ransom payment was made by the IT company. Office administrator Lisa Hamner confirmed the IT provider paid the ransom to resolve the incident, though she declined to disclose the provider's identity or payment details. The ransomware prevented Magnolia Pediatrics from accessing its own systems, disrupting operations. Initial assessments indicated no evidence of unauthorized exfiltration of patient data, though the encryption process itself compromised system functionality. The clinic publicly disclosed the incident on October 10, 2019, after completing internal reviews and coordinating with law enforcement.

The encrypted patient data included comprehensive personal and medical information: full names, dates of birth, Social Security numbers, addresses, phone numbers, insurance details, medical record numbers, treating physicians' names, diagnoses, lab results, and medication histories. Magnolia Pediatrics notified affected families about the potential exposure of this sensitive information and recommended credit monitoring and fraud alerts with credit bureaus. The clinic collaborated with the FBI in an ongoing investigation and implemented enhanced security measures, including system-wide password resets, firewall reboots, and upgraded spam filters with quarantine protocols for suspicious emails. While maintaining that no data appeared to have been stolen, the organization issued a public apology for operational disruptions and advised impacted individuals to contact law enforcement or regulatory agencies like the FTC and Louisiana Attorney General's Office if they suspected identity theft.