Ransomware Attacks At Family Medical Center of Michigan & Buddhist Tzu Chi Medical Foundation

Family Medical Center of Michigan (FMC), located in Temperance, MI, has informed 21,988 patients about a July 2020 ransomware attack that led to the likely exposure of their protected health information (PHI).

FMC stated that a cybercriminal group operating from Ukraine appeared to have carried out the ransomware attack. The attackers encrypted FMC's financial records, preventing its staff from accessing patients' financial data. The attackers demanded a ransom payment of $30,000 in cryptocurrency for the key to decrypt the files.

FMC said it had a third-party computer security company, IDX, investigate the breach and help protect its digital environment. IDX suggested paying the ransom as a way to find out the magnitude of the attack. According to FMC CEO Ed Larkins, FMC met the attackers' demand and paid the ransom a week after the attack happened. The attackers sent the key to decrypt the files after two weeks.

The investigation into the attack confirmed that only financial records were affected and that patient medical information was not exposed. The patients impacted by the attack had received health services in the last 14 years.

Right after the attack, steps were taken to enhance security and strengthen defenses against further attacks. IDX is continuing to handle the response to the incident and has not seen any attempted or actual misuse of patient data since the attack. FMC has provided credit monitoring services at no cost to patients whose financial data was compromised.

Ransomware Attack Encountered by Buddhist Tzu Chi Medical Foundation

Buddhist Tzu Chi Medical Foundation based in West Sacramento, CA is sending notifications to 18,968 patients concerning the potential compromise of some of their PHI in a recent cyberattack.

The ransomware attack was discovered on July 15, 2021, when areas of its network could not be accessed. The impacted server was promptly taken offline and emergency protocols were put in place, with employees using pen and paper to log patient information. A forensic investigation was performed to determine the nature and extent of the breach, which established that the portions of the network the hackers accessed contained patient information.

It was impossible to know whether the attackers viewed or exfiltrated any patient data. Only data access was established. The files possibly breached in the attack included names, dates of birth, and diagnosis details, which included dental X-rays for dental patients. No other patient information was kept on the breached server and computers.

Considering the nature of exposed data, it is believed that there is a very low risk of information misuse; nevertheless, as a precaution, affected patients were advised to keep track of their statement of benefits and other health data for any suspicious activity.