
Detroit-Area Healthcare Practices Targeted by Cyberattackers; Here’s How to Protect Yourselves
Recently UBX Cloud was brought in on a situation that saw several local healthcare practices hit by ransomware attacks.
UBX Cloud
Healthcare practices need to be aware of a serious cyberthreat that’s facing them right now.
Recently UBX Cloud was brought in on a situation that saw several local healthcare practices hit by ransomware attacks. Those who asked for our help informed us that this is an ongoing threat, with many other healthcare practices being targeted.
One location in particular saw all their patient data put through double extortion, which means not only was the practice forced to pay ransom, but the patient data was also exfiltrated by the attackers.
The practice administrators had made a very wrong assumption, which was that they didn’t have to worry about compliance requirements because they were using web-based medical scheduling software and patient management software.
That was simply not correct. When we were called in, there were already attorneys and subject matter experts explaining that this was not the case. The threat actors took documents that had been uploaded and were simply sitting on their systems.
It gets worse.
For each record that’s stolen, the practice is subject to a fine. In this case, the amount of the fines exceeds the entire revenue of the business. This practice is in serious jeopardy of collapsing.
We suspect it was a phishing e-mail that allowed the attackers to get into the system. The practice had a very basic, wide-open network that would have made an attack of this nature very easy.
This group is targeting other clinics as well, generally not small ones. And this particular clinic did not have cybersecurity insurance. That should be a cautionary tale for other healthcare practices, because these attackers are targeting these kinds of clinics specifically. Anyone who is in the same segment needs to make sure they a) take preventive measures immediately; and b) have cybersecurity insurance.
The best steps to take involve backups, patch management, password management, multifactor authentication and e-mail security to prevent random e-mails from landing in people’s inboxes.
When you contact an insurance company about cyber insurance, the first thing they will want to know is whether you have taken care of these things. So do it now, and then let them know that you have and that you need coverage.
Another thing to know: If you have patients outside Michigan, you need to check with the attorney general’s office in each state where your patients live to be sure you’re in compliance with every state’s requirements.
Finally: Don’t fall into the trap of thinking that just because you pay a lot of money to IT vendors, you’re protected. That is not necessarily the case. Many companies hire IT vendors and then decline to sign up for things like outside backups that would protect them against cyber attacks. Others hire IT vendors who are not cybersecurity experts, but they don’t find that out until it’s too late.
The cost of these services is usually minimal. The cost of not being protected? It could be the end of your practice.
That is really not a difficult decision. Contact us if you would like our help.
Related Posts
All posts

It’s Very Hot. Your Data Backup Needs Reliable Power. We’ve Got Plenty.
Give us a call at 888.509.2568.

Team Member Profile: Igor Petrovski
UBX Cloud co-founder and partner Igor Petrovski has been with the company since its inception in 2008.

For a Tech-Savvy Law Firm, the Choice of a Cloud Services Provider Was a No-Brainer
With offices in both Michigan and Illinois, Relic Law provides multidisciplinary legal and technical expertise in matters of data privacy, cybersecurity, and artificial intelligence. You can contact them at 248.579.9537.