320,000 patient files at risk from ransomware in a Utah attack

Register now

Premier Family Medicine was attacked with ransomware in July, preventing access to a number of information systems and the data within.

Now, as many as 320,000 patients will be notified by Premier Family-- a large organization with 10 locations around Pleasant Grove, Utah—that their protected health information may have been put at risk.

“Even though our investigation has found no reason to believe patient information was accessed or taken, we are very concerned that this event even occurred and have taken steps to further enhance the security of our systems,” says Robert Edwards, chief administrator.

In a letter to patients, Edwards explained ransomware and how it works. “Recently, national media outlets have been reporting on the dramatic rise in ransomware attacks impacting all industries but especially those in technology, healthcare and government.”

“Ransomware involves malicious software that is deployed by cyber criminals through various means to lock organizations out of their electronic systems and then demand payment in order to regain access.” The letter did not address if Premier Family Medicine paid ransom.

Barry Shteiman, vice president at Exabeam, a vendor of security management and end-to-end detection software, says to pay or not pay is the million-dollar question when it comes to ransomware. “While many security experts warn about paying ransoms or entering into negotiations, the answer, in reality, comes down to simple economics,” he contends. If the downtime caused by data being unavailable or the backup restoration process is more expensive than paying the ransom, then organizations should pay.

“Equally, if giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you could also see why an organization would pay the ransom. Of course, this is a last resort if all other options have been exhausted.”

For reprint and licensing requests for this article, click here.