A Maryland medical center said it paid ransom to hackers to unlock its data.
Mount Airy, Md.-based Family Medical Center determined in March 2023 that cybercriminals had accessed its system and copied its data, which was encrypted and unintelligible to the hackers, according to a Sept. 20 public notice in the Frederick (Md.) News-Post.
The organization said it enlisted experts and notified the state health department and law enforcement, including the FBI, to investigate. "Once the officials made sure there was no breach, we were allowed to make payments to the hackers," the notice said. "This provided an encryption key to unlock all the encrypted data. Our [IT] experts replaced the server with all intact patient records."
The average healthcare ransom payment reached $1.1 million in 2024, according to an Oct. 8 survey from Proofpoint and Ponemon Institute. While some cybersecurity experts have called for banning ransom payments, others say they're typically the only way for a healthcare organization to retrieve their data or restore their systems after a hack.