Columbia Surgical Specialists paid an almost $15,000 ransom to regain access to files encrypted during a ransomware attack.
The Spokane, Wash.-area healthcare facility told its patients the news in a letter sent on March 7, claiming the locked files were needed to ensure the health and safety of several patients.
“Yes, we paid $14,649.09. We received notice from the people that encrypted the files just a few hours before several patients were scheduled for surgeries, and they made it clear we would not have access to patient information until we paid a fee. We quickly determined that the health and well-being of our patients was the number one concern, and when we made the payment they gave us the decryption key so we could immediately proceed unlocking the data,” Columbia said.
Initially it was believed 400,000 patients were affected, but Columbia has since said that figure is overinflated. The health care provider has not issued a new figure.
The incident was discovered on Jan. 9, 2019 when the firm realized malicious actors had gained access and encrypted the files. The impacted files contained names and, potentially, drivers’ license information, Social Security numbers and other protected health information. Columbia said the outside security firm hired to handle the incident, Intrinium, does not believe the attackers accessed the data.
Columbia said its delay in reporting the issue to its client base was due to needing all the information to be collected and analyzed.
“We’ve learned this type of attack unfolds slowly, in fits and starts, and thus the IT experts investigating the situation find bits of evidence that they piece together to learn what happened, and determine the current status. When those pieces became clearer, we reported Intrinium’s findings to the authorities, as required,” it said.