Health care records of more than 107,000 patients of Ferguson Medical Group in Missouri were attacked by ransomware on Sept. 21, 2019.
Hackers encrypted medical records obtained prior to Jan. 1, 2019 that were housed on a computer network used before Ferguson was acquired by Saint Francis Healthcare System, according to HealthITSecurity.com.
As soon as Saint Francis became aware of the issue, the company worked with the FBI and initiated actions to secure its network.
The hackers encrypted the medical records and asked the medical provider to pay a ransom. Once paid, the hackers alleged they would provide a key to break the encryption of the data. The hospital decided the hackers could not be trusted to turn over a decryption key, and decided not to pay the ransom. Most of the data was recovered through the use of backup files, according to HIPAAJournal.com.
Unfortunately, files of patients who received care at Ferguson between Sept. 20, 2018 and Dec. 31, 2018 were unable to be retrieved.
So far, there has been no indication that the hackers downloaded any information from the patient records before encrypting the data. No patients have reported having their personal information misused as a result of the ransomware attack, but affected patients have been offered credit monitoring and identity theft protection services at no charge for an unpublished amount of time.
Of the 107,054 affected patients, the number who had any health data lost because of the incident is unknown.
Ferguson Medical Group Ransomware Attack
The ransomware attack on the small health care center in Sikeston, Mo., where the population is just over 16,100, highlights the vulnerability of older computer systems in small towns.
Even though Ferguson Medical Group was bought out by Saint Francis Medical Center in early 2019, Ferguson’s older computer system was the one that became the target of hackers.
According to CRN.com, ransomware attacks cost more than $7.5 billion in the U.S. in 2019 alone. A report by Emsisoft released in December said nearly 950 healthcare facilities, government agencies and schools were hit by hackers who demanded money for the release of the encrypted or stolen data last year.
According to Fleming Shi, chief technology officer at Barracuda, a cybersecurity firm, “Smaller towns are often more vulnerable because they lack the technology or resources to protect against ransomware attacks.”
Similarly, small businesses, especially health care providers, are targeted by ransomware attacks because the computer system of a small care facility would likely be easier to hack than that of a large business that has the money and equipment to enforce many layers of cyber protection.
In many cases, an unsuspecting employee will open a phishing email, exposing the entire network to a computer virus or ransomware attack.
“Email is the most common threat vector for these types of ransomware attacks, but the blast radius can easily reach networks, applications and a wide variety of sensitive and critical data,” writes Shi.
Medical facilities will likely remain popular targets for ransomware attacks because if the hacker downloads patient information before encrypting it, the hacker could attempt to sell patients’ personal information on the dark web where it can be used in identity theft and other scams.
Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation
If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.
This article is not legal advice. It is presented
for informational purposes only.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2026 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
