Cyber Incident Victim: Ashland Clinic
Date: Aug 2017
Location: United States of America
Summary
A primary care clinic in Missouri experienced unauthorized access to its computer systems during a weekend incident, leading to a ransomware attack that encrypted patient data stored on a file server. The attackers demanded payment to restore access, which the clinic ultimately provided to recover the affected information. Approximately 1,600 patients were notified of the breach involving their protected health data. The organization implemented protective measures for its systems and patient information during the incident, though specific details regarding the ransomware variant or ransom amount remain undisclosed.
Description
On the weekend of August 12-13, 2017, Namaste Health Care in Ashland, Missouri experienced a cybersecurity incident in which an unauthorized individual gained remote access to the clinic's file share server. The attacker deployed ransomware that encrypted data stored on the server, rendering it inaccessible to clinic staff. Clinic officials publicly confirmed the incident on August 14 through a press release, stating they took immediate protective measures for patient information and computer systems following the breach detection. Despite these initial containment efforts, the clinic determined that paying the ransom was necessary to restore access to the encrypted patient data. The specific ransomware variant used and the exact ransom amount paid were not disclosed in public communications or notification materials.

The ransomware attack compromised data housed exclusively on the affected file server as of August 14, 2017, though the notification did not specify whether other systems were probed or accessed. Namaste Health Care formally notified approximately 1,600 patients about the potential exposure of their protected health information through individual notices and a public statement on its website's homepage. The clinic's response included securing systems against further unauthorized access while maintaining operational continuity, though technical details about containment methods were not provided. No evidence emerged in initial reports regarding data exfiltration beyond the encryption event, nor were specifics shared about the decryption process following ransom payment. The security notification acknowledged the incident's disruptive impact on clinic operations but did not quantify downtime duration or financial consequences beyond the ransom payment itself.
