Breach Notification , Cybercrime , Fraud Management & Cybercrime

Ransomware Attack on Eye Clinic Chain Affects 500,000

Wolfe Eye Clinic Refused to Pay Ransom
Ransomware Attack on Eye Clinic Chain Affects 500,000
Wolfe Eye Clinic's Des Moines, Iowa location (Photo: Wolfe Eye Clinic)

Wolfe Eye Clinic, which operates diagnostic and surgical centers in 40 Iowa communities, is notifying 500,000 current and former patients that their data may have been inappropriately accessed during a recent ransomware attack. But the organization refused to pay a ransom.

See Also: The Anatomy of a Spear Phishing Attack: How Hackers Build Targeted Attacks (and why they're so effective)

The clinic operator says in a statement that it detected the attack on Feb. 8. "The comprehensive forensic investigation into this incident concluded on June 8, 2021," Wolfe Eye Clinic says. "We discovered that the personal information of certain individuals may have been accessed by an unauthorized third party. For some, this information may include their name, mailing address, date of birth and Social Security number; and for others it may also include protected medical and health information."

The clinic operator did not reveal how the attacker accessed its systems or the impact the ransomware had on its ability to operate, nor did it describe how it recovered from the attack.

As of Thursday, the incident was not yet listed on the Department of Health and Human Services' website listing major health data breaches.

The Investigation's Findings

The organization says it launched an investigation with a third-party IT specialist and forensic investigators to determine the extent of the intruders' access to its systems and sensitive information.

The investigation revealed that information on 500,000 former and current patients may have been accessed by the attacker, and those individuals are now being notified, the clinic says. But it has not received any reports of identity theft tied to the attack.

"We take our responsibility to protect personal information in our control very seriously and apologize for any concern or inconvenience this may cause," says Luke Bland, the organization's CFO. "We continue to closely monitor the situation and are committed to notifying past and present patients about what happened and what they can do to protect their information."

FBI's Latest Comments on Ransoms

At a Senate hearing Wednesday, FBI Director Christopher Wray reiterated the bureau's advice regarding ransomware attack response.

"Our guidance to industry is not to pay the ransom," he testified. "And there's a whole host of reasons for that. I understand it's a difficult decision for victims to make, but the most important thing is that they reach out and connect with law enforcement … as quickly and transparently as possible."

The FBI says paying ransoms encourages criminals to wage more attacks. And it says the payments don't guarantee the victim will receive a functional decryptor or that attackers will follow through on commitments to return or destroy stolen data.

The FBI was able to help Colonial Pipeline Co. recover $2.3 million of a $4.4 million the company paid the DarkSide ransomware group to obtain a decryptor after an attack.

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.