Cyber Incident Victim: Ashland Clinic

Namaste Health Care, a primary care clinic in Ashland, Missouri, experienced a cybersecurity incident during the weekend of August 12-13, 2017. An unauthorized individual gained access to the clinic's computer systems and remotely targeted its file share server. The attacker deployed ransomware that encrypted data stored on the server as of August 14. This malicious activity disrupted access to patient information and critical operational systems. Clinic officials confirmed the ransomware attack compromised their file server but did not specify the variant used or whether data exfiltration occurred prior to encryption. Namaste implemented protective measures to safeguard patient information and secure their systems following the breach. Facing persistent encryption of their data, the clinic ultimately negotiated with the attacker and paid an undisclosed ransom amount to obtain decryption keys. This payment enabled the restoration of access to the affected systems and data.

The incident impacted approximately 1,600 patients whose information was housed on the compromised server. Namaste began notifying affected individuals following the data restoration process, issuing a press release and publishing a security incident notification on their website homepage. The clinic did not publicly disclose technical details about the ransomware strain, the exact ransom payment, or forensic findings regarding the attacker's initial access vector. DataBreaches.net contacted the clinic for additional information but received no immediate response. No patient harm or misuse of data was confirmed in the initial disclosure, though the clinic's notification emphasized proactive steps to protect information during and after the attack. The event marked a operational disruption requiring system restoration and formal patient communications to address potential privacy concerns.