Carleton-based Family Medical Center of Michigan began notifying patients this month that their financial information was exposed by hackers during a ransomware attack, Monroe News reported Sept. 20.
Seven details:
1. A group of hackers based in Ukraine targeted the medical center and encrypted its financial files, which prevented employees from accessing up to 15,000 patients' financial information.
2. Family Medical Center of Michigan paid the hackers' $30,000 demand to unlock the files, Ed Larkins, CEO of the center, told the publication.
3. FMC discovered its network had been compromised when employees noticed that they were able to access payment information and records of its patients. Shortly after finding this out, the hackers contacted FMC and made their ransom demand, according to the report.
4. FMC tapped identity theft protection company IDX to help navigate the ransomware attack, and a week after the initial hack, FMC completed the ransom payment.
5. The hackers took two weeks to get FMC the digital key to unlock the files, Mr. Larkins said.
"What [was] explained to us was that whoever is involved in [the hacking] is out to get paid the ransom and move on,” Mr. Larkins said. “Once we got the key we didn’t want to use the files … there might have been malicious [coding] hiding in the files. [IDX] advised us not to use those files or the hardware they were stored on."
6. Patients' medical records were not compromised at all, only financial information. The files belonged to patients who the practice has seen within the past 14 years.
7. FMC is offering free credit monitoring services to patients whose financial data was exposed in the incident.