Ransomware Attack on Eye Clinic Chain Affects 500,000Wolfe Eye Clinic Refused to Pay Ransom
Wolfe Eye Clinic, which operates diagnostic and surgical centers in 40 Iowa communities, is notifying 500,000 current and former patients that their data may have been inappropriately accessed during a recent ransomware attack. But the organization refused to pay a ransom.
The clinic operator says in a statement that it detected the attack on Feb. 8. "The comprehensive forensic investigation into this incident concluded on June 8, 2021," Wolfe Eye Clinic says. "We discovered that the personal information of certain individuals may have been accessed by an unauthorized third party. For some, this information may include their name, mailing address, date of birth and Social Security number; and for others it may also include protected medical and health information."
The clinic operator did not reveal how the attacker accessed its systems or the impact the ransomware had on its ability to operate, nor did it describe how it recovered from the attack.
As of Thursday, the incident was not yet listed on the Department of Health and Human Services' website listing major health data breaches.
The Investigation's Findings
The organization says it launched an investigation with a third-party IT specialist and forensic investigators to determine the extent of the intruders' access to its systems and sensitive information.
The investigation revealed that information on 500,000 former and current patients may have been accessed by the attacker, and those individuals are now being notified, the clinic says. But it has not received any reports of identity theft tied to the attack.
"We take our responsibility to protect personal information in our control very seriously and apologize for any concern or inconvenience this may cause," says Luke Bland, the organization's CFO. "We continue to closely monitor the situation and are committed to notifying past and present patients about what happened and what they can do to protect their information."
FBI's Latest Comments on Ransoms
At a Senate hearing Wednesday, FBI Director Christopher Wray reiterated the bureau's advice regarding ransomware attack response.
"Our guidance to industry is not to pay the ransom," he testified. "And there's a whole host of reasons for that. I understand it's a difficult decision for victims to make, but the most important thing is that they reach out and connect with law enforcement … as quickly and transparently as possible."
The FBI says paying ransoms encourages criminals to wage more attacks. And it says the payments don't guarantee the victim will receive a functional decryptor or that attackers will follow through on commitments to return or destroy stolen data.
The FBI was able to help Colonial Pipeline Co. recover $2.3 million of a $4.4 million the company paid the DarkSide ransomware group to obtain a decryptor after an attack.